Hackers found Anna Harris after she did a Google search for Amazon’s phone number.
“A person answered, said it was Amazon,” Harris said.
The next thing Harris knew, the cyber criminal had taken over her phone. He worked fast, making her think she was downloading a legit mobile app developed by Amazon.
It was an Amazon copycat, so what Harris actually downloaded on her Android phone was malicious software known as malware, giving the hacker access to her sensitive information.
“And, so, when my phone went black, I tried to turn my phone on, and it was totally cleaned out,” she told the In Your Corner team. “I mean, I had nothing, no contacts, no nothing.”
Harris’s email and credit card accounts were compromised. The cyber criminal was also able to rack up more than $800 in fraudulent charges on her cellphone bill.
Cyber security expert Geoff Wilson tracks malicious threats.
“It can be your whole identity,” Wilson said.
Wilson said, when you download an app, it may ask you for permission to access other parts of your phone and, by saying yes, you could be infecting your smartphone and giving a hacker access to your contacts, passwords and financial accounts.
Many of us use an extra layer of security, known as two-factor authentication, which requires not just a password but a special code for logging into our online accounts.
Wilson said the extra protection is worth it however, should a hacker steal your phone number, now they can intercept text-based two-factor codes to access your accounts from their device.
“We need to make sure extra checks are enabled to maybe ask for pins, ask for security questions, maybe not use your phone, instead use your email account,” he said.
Or, better yet, use a two-factor authentication app that takes the special codes out of email and text, and only stores them securely on your device, which the hacker won’t have.
Harris’s got her phone on lockdown now. She and other Android users are an easy target since they can install apps from anywhere, even untrusted, malicious websites.
Apple users, on the other hand, can only download from the Apple store, which is harder for hackers to infiltrate.
The In Your Corner bottom line: no app store is 100 percent safe from hackers.
The last thing you want to do is open a random link or download an app from an unverified site.
Some two-factor authentication apps include LastPass, Authy and Microsoft Authenticator.