NSA shares seven steps iPhone and Android users MUST take to protect from secret smartphone hacks

Rebooting a smartphone regularly helps in protecting against cyberattacks by preventing zero-click exploits and spear-phishing. If users don't reboot the system, a hacker can manipulate open URLs to run a code that installs malware onto the device. Turning the phone off resets all open web pages and apps and logs out of bank accounts to prevent cybercriminals from accessing sensitive information. This has the same effect on spear-phishing attacks because it removes a hacker's ability to send targeted fraudulent emails since they won't be able to access your personal information.

A 2015 Pew Research study found that nearly half of all smartphone owners rarely or never turned their cell phone off, while 82 percent said they never or rarely rebooted their phone.

According to the article, hackers use several social engineering tactics to deceive users into compromising their personal information. Some of these tactics include:

1. Phishing: Attackers send fraudulent emails or messages that appear to be from reputable sources, tricking individuals into revealing sensitive information like passwords and credit card numbers.

2. Whaling: A targeted phishing scam that focuses on high-profile individuals such as CEOs and CFOs.

3. Baiting: Scammers make false promises to users in order to lure them into revealing personal information or installing malware on their system5. This can be in the form of tempting ads or online promotions5.

4. Diversion theft: This involves tricking the user into sending sensitive information to the wrong recipient.

5. Business Email Compromise (BEC): The attacker poses as a trustworthy executive who is authorized to deal with financial matters within the organization. They create a fake email account and send a request for money transfers or changes in banking details.

6. Smishing / SMS-phishing: A social engineering attack conducted specifically through SMS messages. The attacker attempts to lure the user into clicking on a link which directs them to a malicious site.

7. Quid pro quo: The attacker requests sensitive information from the victim in exchange for a desirable service. For example, posing as an IT support technician and calling a computer user to address a common IT issue.

8. Pretexting: This involves composing plausible scenarios that convince victims to share valuable and sensitive data. Pretexters may impersonate someone in a position of authority or a person of interest.

9. Honeytrap: A social engineering technique that specifically targets individuals looking for love on online dating websites or social media. The criminal creates a fake online profile and, over time, tricks the victim into giving them money or sensitive information.

10. Tailgating/Piggybacking: A physical breach where an attacker gains access to a physical facility by asking the person entering ahead of them to hold the door or grant them access. The attacker may impersonate a delivery driver or other plausible identity to increase their chances.

These tactics rely on the psychological manipulation of human behavior to disclose sensitive data, share credentials, or compromise digital security.