Cyber Security Training & Software for Companies | MetaCompliance


Discover our suite of personalised Security Awareness Training solutions, designed to empower and educate your team against modern cyber threats. From policy management to phishing simulations, our platform equips your workforce with the knowledge and skills needed to safeguard your organisation.

Cyber Security eLearning

Cyber Security eLearning to Explore our Award-Winning eLearning Library, Tailored for Every Department

Security Awareness Automation

Schedule Your Annual Awareness Campaign In A Few Clicks

Phishing Simulation

Stop Phishing Attacks In Their Tracks With Award-Winning Phishing Software

Policy Management

Centralise Your Policies In One Place And Effortlessly Manage Policy Lifecycles

Privacy Management

Control, Monitor, and Manage Compliance with Ease

Incident Management

Take Control Of Internal Incidents And Remediate What Matters



Explore the versatility of our solutions across diverse industries. From the dynamic tech sector to healthcare, delve into how our solutions are making waves across multiple sectors. 

Financial Services

Creating A First Line Of Defence For Financial Service Organisations


A Go-To Security Awareness Solution For Governments


A Security Awareness Training Solution For Large Enterprises

Remote Workers

Embed A Culture Of Security Awareness - Even At Home

Education Sector

Engaging Security Awareness Training For The Education Sector

Healthcare Workers

See Our Tailored Security Awareness For Healthcare Workers

Tech Industry

Transforming Security Awareness Training In The Tech Industry

NIS2 Compliance

Support Your Nis2 Compliance Requirements With Cyber Security Awareness Initiatives



From posters and policies to ultimate guides and case studies, our free awareness assets can be used to help improve cyber security awareness within your organisation.

Cyber Security Awareness For Dummies

An Indispensable Resource For Creating A Culture Of Cyber Awareness

Dummies Guide To Cyber Security Elearning

The Ultimate Guide To Implementing Effective Cyber Security Elearning

Ultimate Guide To Phishing

Educate Employees About How To Detect And Prevent Phishing Attacks

Free Awareness Posters

Download These Complimentary Posters To Enhance Employee Vigilance

Anti Phishing Policy

Create A Security-Conscious Culture And Promote Awareness Of Cyber Security Threats

Case Studies

Hear How We’re Helping Our Customers Drive Positive Behaviour In Their Organisations

A-Z Cyber Security Terminology

A Glossary Of Must-Know Cyber Security Terms

Cyber Security Behavioural Maturity Model

Audit Your Awareness Training And Benchmark Your Organisation Against Best Practice

Free Stuff

Download Our Free Awareness Assets To Improve Cyber Security Awareness In Your Organisation

MetaCompliance | Cyber Security Training & Software for Employees


With 18+ years of experience in the Cyber Security and Compliance market, MetaCompliance provides an innovative solution for staff information security awareness and incident management automation. The MetaCompliance platform was created to meet customer needs for a single, comprehensive solution to manage the people risks surrounding Cyber Security, Data Protection and Compliance.

Why Choose Us

Learn Why Metacompliance Is The Trusted Partner For Security Awareness Training

Employee Engagement Specialists

We Make It Easier To Engage Employees And Create a Culture of Cyber Awareness

Security Awareness Automation

Easily Automate Security Awareness Training, Phishing And Policies In Minutes


Meet the MetaCompliance Leadership Team


Stay informed about cyber awareness training topics and mitigate risk in your organisation.

The Most Common Mobile Security Threats

Mobile Security Threats

about the author

Share this post

Mobile security threats are on the rise. As technology continues to advance, it also paves the way for an increased number of mobile phone and smart technology scams. Cybercriminals are quick to adapt to any changes in the digital landscape and our increased usage of connected devices has provided the perfect opportunity for malicious hackers to target users.

A number of factors contribute to weak mobile phone security, but one of the top concerns is that phones are much easier to be misplaced, lost, and stolen.

Knowledge is the most powerful weapon in the battle against scamming and it is more important than ever to be aware of common mobile security threats and how to avoid them.

Common Types of Mobile Security Threats:


Smishing or SMS phishing is a common method of attack in which scammers target victims through text messaging. These text messages then prompt the recipient to click a link that will download malware or redirect the victim to a malicious website to harvest their sensitive information.

In recent years, smishing has grown in popularity, as it enables cybercriminals to lure text message recipients into revealing personal or financial information without having to break through the security defences of a computer or network. Typically, these messages contain a sense of urgency, threat or warning to try to get the recipient to take immediate action.

With the average person sending 15 texts per day, smishing offers a unique opportunity for malicious hackers to take advantage of victims who are often distracted or in a hurry. Research has also found that users are more likely to respond to a phishing attack on a mobile device than a desktop as people are less cautious with text messages than they are with standard phishing scams which are usually blocked by spam filters.

Malware Apps

Application-based threats occur when users download apps that look legitimate but actually hide malicious malware, worms or trojans. These apps can then tamper with permission settings, steal personal and business information or sneakily sign users up for subscription services without them even realising.

For example, Skygofree, an app that is disguised as an update to improve mobile internet speed has been found to execute 48 different commands, turn on your phone’s microphone, connect to compromised Wi-Fi and collect personal information.

If a user takes the bait and downloads the trojan, it displays a notification that setup is supposedly in progress, conceals itself from the user, and requests further instructions from the command server. 

These apps are often simple, catchy and offered free of charge, which makes it appealing to many users and results in potentially millions of downloads.

With 24,000 malicious malware apps blocked from devices each day and more employees using their own devices for work purposes such as accessing corporate email and viewing documents, it’s vital that staff are aware of the potential consequences malicious apps can have and how to avoid them.

Unsecured Wi-Fi

Research shows 61% of organisations surveyed said employees connect company devices to public Wi-Fi networks when working outside of the office, in places such as hotels, airports, and cafes. Public Wi-Fi networks is common in many establishments; however, having a captive audience of unprotected users linked to the same network also enables cybercriminals to easily distribute malicious software or intercept our sensitive information.

Another risk of using free public Wi-Fi is that users may accidentally connect to a rogue hotspot. These are open hotspots that are usually similarly named after a legitimate hotspot, which cybercriminals set up to lure people into connecting to their network. Cybercriminals give the access points common names like “Free Airport Wi-Fi” or “Coffeehouse” to encourage users to connect. Once a victim is connected to a rogue Wi-Fi hotspot, hackers can then intercept data and even use tools to inject malware into the connected devices.

In some cases, users are requested to set up an account to access the spoof network, complete with a password. With two in three people reusing the same password for multiple platforms, fraudsters are then able to compromise the users’ email and other accounts.

For hackers, exploiting public Wi-Fi to collect data is incredibly simple and cheap, which explains this growing attack method.


Cryptography plays an especially important role in securing our data. However, broken cryptography can happen when app developers use weak encryption algorithms or fail to implement a strong encryption algorithm in a secure way. As a result, any motivated attacker can exploit the vulnerabilities to crack passwords and gain access.

The exploitation of broken cryptography can cause technical as well as business implications for organisations. While the technical impact includes unauthorised access and exposure of sensitive information from the device, business consequences could include information theft, reputational damage, privacy violations, and financial fines.

Session Handling

Improper session handling occurs when the previous session continues, even when the user has finished using the app. Often, apps allow long sessions to speed up the buying process; however, this leads to vulnerabilities as cybercriminals can then impersonate another user and perform a functionality on their behalf.

Depending on the targeted application, criminals can then transfer money from the user’s bank account, buy items on ecommerce websites, access detailed personal information to commit identity theft, steal clients’ personal data from company systems or demand a ransom payment

One particular danger for organisations is that improper session handling can also be used to identify authenticated users in single sign on systems. This means that a successful session hijack can give the fraudster access to multiple web applications, from financial systems to customer records which contain valuable intellectual property.

How to Avoid Common Mobile Security Threats

To avoid mobile security threats, there are a number of steps you can take:

  • Be wary about text messages requesting personal and or financial information. Go directly to the company’s website to verify the claim.
  • If you must get on public Wi-Fi, use a VPN for more security, which also has the added benefits of masking your IP address and location, in addition to encrypting and securing your traffic. Additionally, turn off the Bluetooth setting on your devices when not in use.
  • Avoid the storage of any sensitive data on a mobile device.
  • Combine strong passwords coupled with biometric features, such as fingerprint authenticators for increased security.
  • Install a trusted antivirus solution. If you do happen to download a malicious app or open a malicious attachment, mobile anti-malware protection can prevent the infection.
  • Your mobile device firmware might also be vulnerable to security threats. Ensure you have downloaded the latest updates, which often include security patches for your device.
  • Use HTTPS to ensure SSL/TLS encryption of all session traffic. The lock icon in the browser’s address bar indicates that you are on a secure and reputable connection. Check for this when entering personal data such as your address or payment information or sending emails from your mobile browser.

Educate Employees About Mobile Security Threats

Employees represent the biggest threat to an organisation’s security, so it’s vital they are equipped with the necessary skills to identify mobile security threats and help prevent a cyber-attack. 

MetaLearning Fusion is the next generation of eLearning and it’s been specifically designed to provide the best possible Cyber Security and Privacy training for your staff. Organisations can build bespoke courses for their staff from an extensive library of short eLearning courses. 

Get in touch for further information on how MetaLearning can be used to transform Cyber Security training within your organisation.

Other Articles on Cyber Security Awareness Training You Might Find Interesting