
    Based on the number of phishing sites we observed in 2012, it appears that cybercriminals have discovered a new target in mobile devices.

    For 2012, we found 4,000 phishing URLs designed for the mobile Web. Though this number represents less than 1% of all the phishing URLs gathered that year, it highlights that mobile devices (smartphones, tablets, and the like) are valid platforms for launching phishing attacks.

    Cybercriminals use phishing sites, which are spoofed versions of legitimate sites, to trick users into disclosing sensitive information like usernames, passwords, and even account details.

    What’s more worrisome is the kind of websites these phishing attacks spoof. In 2012, 75% of mobile phishing URLs were rogue versions of well-known banking or financial sites. Once users are tricked into divulging their login credentials to these sites, cybercriminals can use the stolen data to initiate unauthorized transactions and purchases via the victim’s account.

    A portion of these phishing sites were designed to spoof social networking sites (2%) and online shopping sites (4%). The small number of phishing sites for social media may be due to users’ preference for social media apps. Because users are unlikely to visit social networking sites via the mobile Web, launching phishing equivalents of these pages may not be an effective way to target users.

    These numbers are consistent with our top 10 most phished entities, the majority of which are banking or credit card websites.


    Figure 1. Mobile phishing URLs by industry

    Company Name                                  Nature
    PayPal                                        e-Commerce
    Absa Internet Banking                         Banking/Finance
    Popular en linea                              Banking/Finance
    Mijn ICS (International Card Services)        Banking/Finance
    Barclays                                      Banking/Finance
    Wells Fargo                                   Banking/Finance
    eBay                                          e-Commerce
    Bank of America                               Banking/Finance
    SFR (Societe Francaise du Radiotelephonie)    Telecommunications
    Match.Com                                     Online dating

    Table 1. Top 10 entities targeted by mobile phishing

    This trend in launching phishing attacks on mobile devices can be attributed to certain limitations of the platform itself. These include the small screen size of most mobile devices, which prevents users from fully inspecting websites for any anti-phishing security element. With the majority of mobile devices using default browsers, it is also easier for cybercriminals to create schemes, as they need only focus on one browser instead of many.

    Then there’s the issue of users’ attitude towards mobile devices. It’s easy for users to dismiss these as simple devices that have no major security implications. However, what most users fail to understand is that smartphones and other mobile devices are as capable as any desktop. They are also open to the same threats that haunt PCs, so these devices should be used more consciously and safely.

    To avoid these attacks, users must always be cautious about clicking links in emails. If possible, users should manually type the addresses of the websites they want to visit and bookmark these sites. Users can also benefit from installing security apps like Trend Micro Mobile Security Personal Edition. Our Monthly Mobile Report for February, "Mobile Phishing: A Problem on the Horizon", provides more details regarding mobile phishing, data-stealing apps, and other mobile security tips.


    • Peter Vervloet

      Can you give me a contact address to discuss where this data is coming from? Our company is mentioned and we are unaware of the problem.


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice