Cape Town - At least a quarter of mobile phone users in South Africa do not understand the risks of cyber threats and expose themselves to cybercrime, a survey shows.
According to a survey by security firm Kaspersky Lab and B2B International, 33% of smartphones in South Africa are not password protected while 26% of users are unaware that mobile malware exists.
"To make matters worse, globally 18% of unprotected Android-based smartphones contain precisely the information that attackers are most eager to find: PIN codes for bank cards, passwords to online banking systems and other financial data. 24% of them store passwords to social networks, personal and work e-mail, VPN and other sensitive resources," Kaspersky said.
Weak passwords
As people migrate to using mobile devices, criminals have shifted their focus to the most popular platforms in a bid to steal the likes of personal financial information.
"It is not surprising that mobile users are facing online threats more often now: Devices are capable of doing so much more, and many more people are using them, so of course they will attract fraudsters," said Victor Yablokov, head of Mobile Product Line at Kaspersky Lab.
The research has also revealed that there are mobile users who also store bank PIN codes, access credentials, ID information and account numbers on smartphones. But these users then fail to implement basic protection measures such as a strong password.
Meanwhile, a recently released Trend Micro report has demonstrated that just three malware applications make up the majority of attacks on the financial system in SA.
They are: SWISYN, which makes up 37% of detections, followed by DORKBOT (27%) and ZEUS/ZBOT (23%). These applications are able to steal log-in credentials, copy key strokes and download additional malware on to compromised PCs.
In addition, the 2014 Trustwave Global Security Report found that weak passwords contributed to 31% of intrusions the company investigated in 2013.
The most commonly used password was "123456", followed by "123456789", "1234" and "password".
"It is a very big problem, and I'll tell you why: People are lazy. So if your company policy says to you that you've got to use a minimum of eight characters… users themselves, because they work for the company, they don't really care," Andrew Kirkland, Trustwave regional director for Africa told Fin24.
Kaspersky advised that mobile device users exercise caution, including using complex passwords that are changed on a regular basis.
"To avoid falling victim to scams, users are advised to protect their devices against cyber threats and be especially careful with any sensitive data stored on them," said Yablokov.
- Follow Duncan on Twitter