In addition, there are also WiFi services for which a fee is charged. This type of service is mostly offered in touristic city centres, where demand is the highest. A payment, usually by credit card, must be made when logging on to such a network. Fraudsters exploit this situation by again providing a bogus WiFi hotspot with the same or similar name and requesting credit card details when a victim connects.
There is always a certain risk when you connect to a third-party WiFi network, as you can never be 100% sure who is behind it. The risk starts as soon as the connection to the WiFi network is established. An attacker can make your device download malware already at this point, giving them access to all of your phone's data.
Another risk is that the person who set up the fraudulent WiFi network can read all the information you leave behind when you surf the internet. It is therefore important that your connection to any websites you visit be encrypted. When connecting via a public WiFi hotspot, never enter login credentials on websites that are not encrypted. Look for "https" in the URL or the padlock symbol in the address bar. You should generally refrain from using sensitive services such as e-banking and reading emails at public hotspots.
If in doubt, use your mobile phone network for data communication; when abroad, use the roaming function.
It is advisable to use a VPN service. In this way, all communication is "hidden" and an attacker has no chance of reading the navigation history or data. A VPN connection is absolutely essential for business use (e.g. business emails).
Deactivate WiFi and Bluetooth when you do not need these services. This helps to avoid attack methods that cybercriminals use to penetrate your device undetected. It also reduces battery consumption.
3. Use an official app store
One of the most important attack vectors on mobile devices is the installation of malicious apps. On average, 200 million apps are installed on mobile devices every day, ranging from e-banking apps to shopping list managers. Not all apps are equally secure, however, and this applies especially to the source from which they are obtained and installed.
Aside from the app stores that are preinstalled on mobile phones by phone manufacturers (e.g. Google Play, Apple's App Store), other stores that offer apps also exist. These are called alternative or third-party app stores. While the official app store providers carry out in-depth checks on the apps, this is not the case with some alternative stores, or only to a limited extent. The NCSC therefore recommends downloading apps only from the official app stores. Only use alternative app stores if you are aware of the possible security problems and you trust the sources implicitly.
Another risk when installing apps is hidden in the access rights they ask you to grant. Avoid apps that require too many access rights. Only allow an app the rights it needs for its actual purpose.
- A weather app does not need access to telephone contacts.
- A shopping list app does not need access to photos.
4. Install antivirus software
Just like viruses that attack your PC, there are also viruses that target mobile phones. Therefore, you should set up antivirus software on your mobile device too.
5. Install updates
The updates published by manufacturers and developers not only offer new functions, they also help to resolve vulnerabilities and prevent programming errors. It is therefore important to always keep your device and all apps installed on it up to date.
6. Save your data regularly
The NCSC recommends that you regularly save the data on your device, be it via a cloud service or syncing to your PC or directly to an external storage device.
An accident, loss or theft can happen quickly!
7. Activate encryption on your device
In the event of loss or theft, encryption ensures that the confidential data on your device cannot be accessed by unauthorised third parties. Nowadays, encryption is automatically enabled on many devices, provided the mobile phone is protected by a PIN, Touch ID or Face ID. However, it is worth checking whether encryption is enabled, especially with older devices.
8. Activate "Find My…" and have access to remote wipe
Leaving your mobile phone somewhere can happen before you know it. To counter this problem, many phone brands offer a remote device location tracking service.
- On Android, the service is called "Find My Device" and can be downloaded directly from the official Play Store.
More information on how to activate it and how it works can be found in the Google Account Help.
- On Apple, the app is called "Find My" and is installed as standard on each Apple device. However, it must be manually activated. More information on how to activate it and how it works can be found in the iCloud User Guide.
- On Samsung, the function is called "Find My Mobile". It is likewise installed as standard on devices and also requires manual activation to work. More information on how to activate it and how it works can be found und Find My Phone
Generally, these smartphone location tracking functions require devices to be switched on, connected to a WiFi network or have mobile data activated, and have location sharing enabled.
If this is the case, devices will be able to transmit their exact location and receive instructions such as to wipe themselves, play a ringtone, etc.
In addition, some device models can be configured so that the data they contain is automatically deleted after a certain number of failed password attempts.
9. Use caution with public charging stations
As soon as you connect your device to any USB port to charge it, there is a certain risk that data can be accessed. It is possible that information about the type, brand and model of the device will be read during the charging process. However, it is also possible that malware could be installed.
The best way to protect yourself against this is to use only the power adapter supplied with the device when charging it in public places.
An external battery (power bank) is also a good solution. This means you can charge the external battery at a public station and then charge the mobile phone from this battery. In this way, the phone is never directly connected to the public station.