How Android protects you from scams and phishing attacks
Cybercriminals are targeting smartphones and tablets more than ever before. That’s because people are spending more time on their mobile devices, and they’re using them to send and store significant amounts of valuable data — like banking information, healthcare data and passwords. Cybercriminals are also targeting mobile devices because of their smaller screen sizes and frequent app and messaging notifications, which make it more difficult to verify if a sender is legitimate.
These criminals are increasingly using phishing attacks, scams and malware to obtain sensitive financial information or account passwords. In fact, during the pandemic, phishing attacks grew by 600% and became the top infection method in 2021.
Phishing attempts can come from a variety of sources like emails, text messages, voice calls and even third-party messaging apps. So it’s critical to have a layered security approach in place to defend from many angles. To help ensure we’re providing strong protection on Android, we hired a third-party security lab to evaluate our features and functionality that help protect you from scam and phishing attacks on your mobile devices. The report concluded that Android devices provide more features for scam and phishing protection than other mobile operating systems1.
For Cybersecurity Awareness Month, let’s take a closer look at these features and ways you can further protect your devices.
Avoid spam, scam and phishing attempts
Attackers often use text messages since they’re an easy channel to reach people. Messages by Google uses machine learning models to help proactively detect 1.5 billion spam, phishing and scam messages every month. It looks for known patterns and either diverts bad messages into the spam folder or warns you if it notices something suspicious.
Messages by Google detects 1.5 billion spam, phishing and scams messages every month.
Messages are analyzed with your privacy in mind, so they stay on your device and are never shared with anyone. You can, however, report a message to Google to help protect others. Gmail, the default email app on most Android phones, is also highly effective at flagging malicious messages, automatically blocking 99.9% of spam, phishing and malware.
Attackers today aren’t just using text messages and emails to phish for data. We’ve seen a 5x increase in the number of attacks involving phone calls, where a criminal tries to impersonate your bank or IT department to get you to hand over your credentials. Phone by Google provides multiple security defenses to help protect against attacks like these — from built-in caller ID and spam protection to Call Screen.
Get warned about bad links, downloads and apps
Many phishing and scam attempts try to get you to visit a malicious page impersonating a legitimate-looking site to enter your credentials, steal your social security number or download malware. Safe Browsing on Android protects 3 billion devices globally and helps warn you about potentially risky sites, downloads and extensions. It offers broad protection throughout your Android experience — from browsing on Chrome and other browsers to connecting to the web through social media apps
Safe Browsing helps defend you from dangerous websites and malicious files whether you're on a browser or an app.
Even if you download an app outside of Google Play, Google Play Protect checks the installation and can warn you about a harmful or malicious app. Play Protect also scans all the apps on your device every day for harmful ones, even if you’re offline.
Get notified about your Google account
On Android phones running version 7.0 and up, you can use the built-in security key for additional protection. When you or someone else tries to sign into your Google account, you’ll get a notification on your phone asking to confirm that it’s you.
And it’s always good to regularly do a Security Checkup, which you can access right from your device settings. It’ll provide personalized security tips for your account, remind you to keep your passwords up to date, and share what devices you’re currently signed in on and what apps have access to your data.