Mobiles and Phishing – Why They're More Dangerous

Thursday, June 14, 2012

Robert Siciliano


Phishing occurs when scammers send emails that appear to have been sent by legitimate, trusted organizations in order to lure recipients into clicking links and entering login data and other credentials. 

SMiShing is a version of phishing in which scammers send text messages rather than emails. As with phishing emails, these messages appear to have been sent by a legitimate, trusted organization. Both terms reference a scammer's strategy of fishing for personal information.

For instance, you could receive an email or text message from someone posing as your credit card company, asking you to confirm your account numbers or passwords. It's much easier to fall for these tricks on your mobile device because many of the things you can do to check whether an email is legitimate are not available.

Because of the limited screen space on your mobile device, you probably can’t see a site’s full web address, or an email sender’s full return address. Without being able to see a full address, it’s difficult to tell if the website or sender is legitimate. You also can’t “hover over” a link like you can from your computer and get a preview of a linked word or graphic.

Another factor is the “always on” nature of mobile devices. Most mobile users are more likely to immediately read their email messages and forget to apply their security practices, such as checking to see if an email is from someone they know and if any included links appear real.

Because messages are checked continuously, you are more likely to encounter phishing attacks within the first few hours of launch, before security filters have a chance to mitigate the threat.

If you do click on a dangerous search result or stumble upon a malicious webpage, you could wind up accidentally downloading malware onto your phone, or simply run into inappropriate content.

To protect yourself from a mobile phishing scam:

  • Don’t click on any links from people or companies you don’t know
  • Even if you do know the person or company who sent the email or text, take the time to double-check a website’s address and make sure that it appears legitimate
  • Be wary of any retail site with deeply discounted prices, and always check other users’ comments and reviews before purchasing online
  • Rather than doing a search for your bank’s website, type in the correct address to avoid running into any phony sites, or use your bank’s official app
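
The address check described above, as an added example that is not part of the original article: it shows how two different links look the same once a narrow display cuts them off, and compares each link's actual host with the address you expect. The host names, the 12-character display width and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the site the user actually intends to visit.
EXPECTED_HOSTS = {"bank.example"}

def narrow_view(url, width=12):
    """What a narrow address bar shows if it keeps only the first `width` characters."""
    shown = url.split("://", 1)[-1]  # many mobile browsers hide the scheme
    return shown if len(shown) <= width else shown[:width] + "..."

def real_host(url):
    """Host the browser will connect to (urlsplit drops any userinfo and port)."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()

def is_expected(url, expected=EXPECTED_HOSTS):
    """True only for https links whose host is an expected host or a subdomain of one."""
    if urlsplit(url).scheme != "https":
        return False
    host = real_host(url)
    return any(host == e or host.endswith("." + e) for e in expected)

def review(url, width=12):
    """Side-by-side view: what the screen shows versus where the link really goes."""
    return {"shown": narrow_view(url, width),
            "host": real_host(url),
            "expected": is_expected(url)}

# Constructed sample links using reserved .example names (not real sites).
SAMPLES = [
    "https://bank.example/login",
    "https://www.bank.example/login",
    "https://bank.example.account-verify.example/login",
    "https://bank.example@account-verify.example/login",
    "http://bank.example/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(review(link))
```

The first and third samples display identically at this width, yet only the first resolves to the expected host, which is why the full address has to be checked rather than the visible part.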

Use a comprehensive mobile security product such as McAfee Mobile Security, which offers mobile antivirus protection, safe search, backup and restore functions, call and text filtering and the ability to locate your phone and wipe personal information in the case of loss.

The best protection from this scam is awareness. Once you understand how it works, you are better positioned to recognize mobile phishing and to avoid clicking links within emails or text messages or otherwise responding to such ruses.

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices on YouTube. (Disclosures)

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.