Some smart phones have features that allow data synchronisation between the mobile device and online storage or cloud services (such as iCloud or Google accounts) in near real time. Information that could be synchronised includes SMS, email, etc.
For smart phone users who had enabled the abovementioned data synchronisation, sensitive information sent via SMS or emails by PhillipCapital and/or its member companies, such as one-time passwords (OTPs), could be accessed by criminals if the login credentials to the online storage or cloud services have been compromised. Exposed OTPs together with online banking credentials or credit card information that had been harvested from customers can potentially be used by criminals to perform fraudulent financial transactions.
General best practices to secure mobile phones and online accounts are:
- Use strong passwords/biometrics for devices and online accounts.
- Ensure that the mobile device firmware is updated to the latest.
If possible, set up two-factor authentication (2FA) for online cloud accounts such as iCloud or Google.