• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Mobile   »   When Phishing Goes Mobile

When Phishing Goes Mobile

  • Posted on:February 21, 2013 at 9:25 am
  • Posted in:Mobile
  • Author:
    Paul Pajares (Fraud Analyst) and Gelo Abendan (Technical Communications)
1

Based on the number of phishing sites we observed in 2012, it appears that cybercriminals have discovered a new target in mobile devices.

For 2012, we found 4,000 phishing URLs designed for mobile Web. Though this number represents less than 1% of all the phishing URLs gathered that year, this highlights that mobile devices (smartphones, tablets and the likes) are valid platforms to launch phishing attacks.

Cybercriminals use phishing sites, which are spoofed versions of legitimate sites, to trick users into disclosing sensitive information like usernames, passwords, and even account details.

What’s more worrisome is the kind of websites these phishing attacks spoof. In 2012, 75% of mobile phishing URLs were rogue versions of well-known banking or financial sites. Once users are tricked into divulging their login credentials to these sites, cybercriminals can use these stolen data to initiate unauthorized transactions and purchases via the victim’s account.

A portion of these phishing sites were designed to spoof social networking sites (2%) and online shopping sites (4%). This small number for phishing sites for social media may be due to users preference for social media apps. Because users are unlikely to visit social networking sites by Web mobile, launching phishing equivalent of these pages may not be an effective way to target users.

These numbers are consistent with our top 10 most phished entities, in which majority are banking or credit card websites.

Mobile-Phishing-Piechart

Figure 1. Mobile phishing URLs by industry

Company Name Nature
PayPal e-Commerce
Absa Internet Banking Banking/Finance
Popular en linea Banking/Finance
Mijn ICS (International Card Services) Banking/Finance
Barclays Banking/Finance
Wells Fargo Banking/Finance
eBay e-Commerce
Bank of America Banking/Finance
SFR (Societe Francaise du Radiotelephonie) Telecommunications
Match.Com Online dating

Table.1 Top 10 entities targeted by mobile phishing

This trend in launching phishing attacks on mobile devices can be attributed to certain limitations of the platform itself. This includes the small screen size in most mobile devices, which prevents users from fully inspecting websites for any anti-phishing security element. With majority of mobile devices using default browsers, it is also easier for cybercriminals to create schemes as they need only focus on one browser instead of many.

Then there’s the issue of users’ attitude towards mobile devices. It’s easy for users to dismiss these devices as simple devices that has no major security implications. However, what most users fail to understand is that smartphones and other mobile devices are as capable as any desktop. They are also open to the same threats that haunt PCs, thus these devices should be used more consciously and safely.

To avoid these attacks, users must always be cautious with clicking links from emails. If possible, users should manually type the websites they want to visit and bookmark these sites. Users can also benefit from installing security apps like Trend Micro Mobile Security Personal Edition. Our Monthly Mobile Report for February Mobile Phishing:A Problem on the Horizon provides more details regarding mobile phishing, data-stealing apps, and other mobile security tips.

Learn how to protect Enterprises, Small Businesses, and Home Users from ransomware:
ENTERPRISE »
SMALL BUSINESS»
HOME»
Tags: mobile devicesphishing

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Recent Posts

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits
  • August Patch Tuesday Fixes Critical IE, Important Windows Vulnerabilities Exploited in the Wild
  • Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts

Popular Posts

Sorry. No data so far.

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.