We know there is no patch for human error, but here are some do’s and don’ts that one can follow to make it harder for malicious threat actors to compromise handheld devices:
- Don’t allow your device to auto-join unknown WiFi networks.
- Always turn off WiFi when you aren’t using it.
- Never send sensitive information over public WiFi; use private and secure connections at all times to transmit any sensitive data.
- Only install applications on your devices from the official Android Play Store. Never download untrusted applications from a browser.
- Beware of applications from unknown developers or those with bad reviews.
- Keep your applications updated to ensure they have the latest security patches available.
- Don’t grant excess permissions to applications you don’t trust.
- Watch out for ads, giveaways and contests that are too good to be true. These often lead to phishing campaigns that appear to be legitimate.
- Pay attention to URLs. These are harder to verify on mobile devices, but it’s worth the effort.
- Never save your login information when you’re using a web browser on an untrusted device.
- Disable automatic Bluetooth pairing.
- Always turn off Bluetooth when you aren’t using it.
Smishing (Phishing via SMS)
- Don’t trust messages that attempt to get you to reveal any PII (personally identifiable information).
- Beware of similar tactics in social media applications such as WhatsApp, Facebook Messenger, etc.
- Treat messages the same way you would treat email: always think before you click.
Vishing (Voice Phishing)
- Do not respond to phone calls or email requests for personal financial information. If you are concerned or in doubt, call the organization directly.