Since the introduction of the smartphone, developers have created apps — hundreds of apps — that allow most entrepreneurs to control almost every aspect of their business: email, CRM, accounting, social media … the list is endless.
With the rise of the popularity of smartphones, hackers have turned their attention away from computers and now focus on hijacking mobile devices and the accounts associated with them.
Cybercriminals want access to your smartphones because of the information stored on them, such as your emails and banking information, to commit a variety of crimes such as fraud, blackmail and theft.
Types of scams
There are two types of scams solo and small business owners should be on the lookout for. The first is cellphone subscriber fraud in which hackers obtain your cellphone information and set up accounts for themselves using your business’s name.
Armed with your account information, they can also purchase smartphones, tablets, mobile hotspots and other equipment, leaving you to pay for equipment your business never purchased.
The second scam is cellphone cloning, which occurs when criminals get ahold of your smartphone’s serial number and mobile number.
Once a phone is cloned, it’s hard for your mobile carrier to tell the difference from your smartphone and the cloned one. This allows criminals to gain access to your business communications such as texts, calls and more.
With more websites and financial institutions using two-step authentication via your phone, criminals could gain access to your online account. With a cloned phone, hackers could send texts to your customers, scamming them to click on a link that could install malware or ransomware on their devices.
Take precautions
How can you protect your business from these scams? Take the following precautions.
1. Set up protection with your phone carrier.
All major phone carriers are aware of smartphone hacking and have taken steps to make sure that their customers are protected.
Your phone carrier should request you to create a PIN for your account. Whenever you contact your service provider to inquire about your account or to make changes to your account, your PIN is requested. If you think you do not have a PIN, call your provider and make sure you have one.
To keep your employees from abusing your account information, only share your PIN and other account information with critical personnel.
2. Beware of phishing attacks.
Phishing and spearfishing attacks are some of the more popular ways phone hijacking can occur. The purpose behind phishing and spearfishing is to get sensitive information from you or your employees.
Most small business cyberattacks occur via email. Be sure you learn how to identify bogus emails and train your employees not to click on suspicious links in emails, especially if they look like they come from your mobile provider.
When in doubt about any phone calls or emails regarding your mobile account, call customer service or stop into a store of your provider.
3. If you can help it, do not publish your phone number online.
It’s tempting to post your and your employees’ smartphone numbers on social media, business cards and on the company website. Don’t do it. Keep business cellphone numbers off of your company website and social media accounts.
Cybercriminals are always looking for any piece of personal information they can use against you and your company. If a criminal gets a hold of your cell number, they can do an internet search to see which provider you use. With that information, they can impersonate a customer service representative and gain valuable account information from you.
If you want to give you and your employees a safe way to use a smartphone for business, get a VoIP (voice over IP) phone system for your business. Services like Vonage Business and Ring Central have smartphone apps that allow you to make business calls from your smartphone while masking your cell number.
4. Review your phone bills monthly.
In this day of the email statement and autopay, it’s tempting to just pay your bill without looking at your statements. You won’t always get an alert from your phone provider if something bad happens.
Keep a close lookout for any odd changes. If something doesn’t add up, report it immediately.
5. Do not use the same usernames and passwords for your online business accounts.
Cybercriminals count on solo and small businesses to use the same usernames and passwords for all of their accounts.
In this day and age of data breaches, your company’s online account information is probably floating around on the dark web. When criminals get your account information, they begin the process of checking all of your accounts using your information to see what they can access.
They start with less critical online accounts such as social media and email. If they are able to log into these accounts, then they move on to more critical accounts such as your financial and mobile accounts.
Make your passwords long, complicated and difficult to guess.
Criminals are constantly finding new ways to scam small businesses. They use a combination of technology and tactics to gain access to information. Follow the above steps to keep safe from phone scams.