How to set up anti-phishing security in Kaspersky for Android | Kaspersky official blog

Phishing links are no longer a rare sight. They’re increasingly common in messaging apps, and often come seemingly from people you know well, who, of course, are completely unaware. Scammers hijack accounts and cleverly impersonate friends and family — abusing trust to get closer to your wallet or your secrets.

To help you fight off this growing wave of threats, we’ve added some new features to Kaspersky for Android. In this post, we explain the new layer of defense against phishing and malicious links brought to you in the latest Kaspersky for Android update.

Phishing links and where to find them

By default, we consider any link designed to deceive to be a phishing link. These links often lead to fraudulent websites that mimic legitimate ones using typosquatting and other tricks. For example, this link — https://www.kaspersky.com/blog/, seemingly to our blog, will redirect you to our Telegram channel instead. This is a safe example, but scammers aren’t so harmless.

You can encounter phishing links just about anywhere: in emails, text messages, but especially in messaging apps. A common scam we’ve covered involves attackers using hacked accounts of friends and family to send fake gift subscriptions for apps like Telegram. But instead of a free Premium subscription, victims end up with their personal account hijacked.

Phishing scams can also lurk in job offers, Google Forms surveys, or crypto giveaways. Sometimes you don’t even have to do anything on a phishing site to get infected. This is called a zero-click attack. The victim doesn’t need to fill out any forms, click on buttons, or submit anything. All that’s required is to follow a link to the malicious page that exploits a vulnerability. Once you reach that page, your device is compromised.

Phishers have a plethora of ways to reach their victims. It’s often difficult to spot a fake URL with the naked eye — one mistake can get you trapped. That’s where an automated solution comes in handy, recognizing and neutralizing the suspicious link.

How anti-phishing security works in Kaspersky for Android

The updated Kaspersky for Android protects your devices from phishing with three distinct layers:

• Notification Protection detects and blocks malicious links in notifications from any apps, whether they be well-known like WhatsApp or Telegram, new apps, or even ones that don’t exist yet.
• Safe Messaging blocks dangerous links in text messages and the WhatsApp, Viber, and Telegram messaging apps.
• Safe Browsing checks links before opening them and blocks malicious and phishing websites in Google Chrome, Yandex Browser, Firefox, and some other pre-installed browsers like Samsung Internet and Huawei Browser.

Why do we call these features “layers”? Think of it as a medieval fortress with multiple defenses: the castle’s tall walls, archers atop the walls, and a moat. You might wonder, why bother building tall walls and employing archers if there’s a moat? Attackers wouldn’t be able to get across the moat anyway. The thing is, attacking archers could still fire on those inside if there were no tall fortress walls, and catapults could lob stones (or something more deadly) over both the moat and walls. So, a good fortress needs all three defenses.

Similarly, a smartphone needs security on every level. The Kaspersky for Android app has long blocked phishing links in browsers with Safe Browsing and in SMS messages, WhatsApp, Viber and Telegram with Safe Messaging.

The update adds a new layer. Now Kaspersky for Android locates and blocks malicious links in all notifications, from any apps. The new features are available to all Kaspersky Standard, Kaspersky Plus, and Kaspersky Premium subscribers.

Here’s how it works. If any app — say, a messaging app — tries to show you a phishing link in a pop-up notification, our security solution hides the malicious notification and replaces it with its own. This new notification will have the title Dangerous link detected and the text of the original message, but with the malicious link removed.

Important: no Kaspersky employee can read your private messages. This security mechanism is fully automated and only scans for standard links within notification text. For this reason, it won’t be able to check links that are concealed with special formatting like hidden text in a messaging app or those disguised as a hyperlink with anchor text like “click here”.

How to enable maximum anti-phishing security

To give Kaspersky for Android the permissions it needs to find and repel threats, you need to enable certain settings in the Android OS. The first step is to turn on access to Accessibility features, which is required for all layers of security. If you don’t grant this permission, the app will warn you and provide instructions. You can also enable it manually: Settings → Accessibility → Kaspersky → Use Service → OK.

Next, you need to enable the first layer of security: Notification Protection. This allows the app to detect phishing links directly in your notifications.

• Open Kaspersky for Android.
• Go to All features → Safe Messaging → Check notifications.
• Grant notification access: Settings → Apps & notifications → Special app access → Notification access → Kaspersky → Allow.

The exact steps may vary slightly depending on your smartphone model. For this reason, all Kaspersky for Android users can access a quick link from the app itself to the correct settings section. Simply tap Check Notifications in the app, and in the window that opens, tap Show instructions → Continue.

The first layer of security is on. Now, Kaspersky for Android will alert you when it detects malicious links in notifications.

Now for the second layer, Safe Messaging, which blocks dangerous links in SMS messages and WhatsApp, Viber, and Telegram.

• Open Kaspersky for Android.
• Go to All features → Safe Messaging → Check SMS messages → Allow.
• Go to All features → Safe Messaging → Block dangerous links in messaging apps.

Now, the second layer of security, Safe Messaging, is also enabled.

Next, we turn on the third layer of anti-phishing security: Safe Browsing. This feature blocks you from visiting malicious websites in browsers.

• Open Kaspersky for Android.
• Go to All features → Safe Browsing.
• Activate the toggles next to Block dangerous websites and Check links you open from other apps.

Don’t forget to check the settings in the messaging apps you use, and make sure you allow new message notifications. We recommend paying attention not only to the general app settings, but also to individual chat settings. Remember that phishing links can even come from hacked accounts of people you know.

Here’s another important detail for Telegram users. This messaging app opens all links by default in its built-in browser, and scammers take advantage of this. Our Safe Browsing feature doesn’t work in Telegram’s built-in browser. For increased device security, you should change the default Telegram settings to open links in a third-party browser instead. To do this, in Telegram go to Settings → Chat Settings and turn off the switch for In-App Browser.

Install the best anti-phishing security on your devices, treat every unexpected link received in a messaging app or via SMS with due suspicion, and follow our Telegram channel to stay up to date on the latest cybersecurity trends.

Protect yourself from scams in messaging apps and SMS:

• WhatsApp and Telegram account hijacking: How to protect yourself against scams
• Setting up both security and privacy in WhatsApp
• What to do if your Telegram account is hacked
• Messengers 101: safety and privacy advice
• How to protect yourself from SMS blaster scams

Kaspersky official blog – ​Read More