How to Avoid Becoming a Victim of a Mobile Phishing Attack

Posted by Tobias Eichenseer Thu, 18 Sep 2014 15:38:00 GMT

The dependence on mobile browsers to accomplish security sensitive operations is increasing. With this comes an increase in mobile cyber threats, as cybercriminals are now moving beyond computers and shifting to mobile handheld devices.

A phishing survey reported that the number of phishing targets increased from 2012 to 2013, indicating that e-criminals are spending time looking for new opportunities. Mobile phishing occurs when identity thieves collect the user's information, including financial or account information such as user name and password, Social Security Number, date of birth, and credit card information from mobile devices, for the purpose of committing fraud or other illegalities.

Limitations of Mobile Devices
Specific limitations of the mobile platform make mobiles susceptible to phishing attacks:

1.    The mobile device’s much smaller screen size constrains the ability of the mobile browser to entirely display any anti-phishing security elements a website may contain. Most mobile browsers in use today simply lack any room to incorporate security indicators and certificate information that alert users of site identity and the presence of strong cryptographic algorithms, as is done with their desktop counterparts. This leaves users unable to verify whether the website they are logging into is legitimate or not; a critical security flaw rendering mobile browsers unsafe. 
    
2.    The permanent default browsers preinstalled on certain phones are another limitation. Their ability to automatically start up and display links the user opens makes it less difficult for cybercriminals, who can now focus on only one browser to exploit.

This combination of a radically reduced screen size and absence of security indicators makes it difficult for users to determine the security standing of mobile browsers, and makes mobile browsing more dangerous for average users, since it provides a false sense of security. Research has shown that mobile browser users are three times more likely to access phishing sites than users of desktop browsers. 

Advantages of Mobile Devices:
However, the mobile platform also has some benefits that reduce the concern of mobile phishing: 

1.    The mobile platform allows phishing targets, including online shopping and banking sites, to develop their own apps for customer use. Assuming there are no spoofed apps and there is a mechanism for constant updates, these legitimate apps facilitate more secure exchanges of information between organizations and their customers.

2.    Mobile browsers are increasingly becoming more powerful, and are able to process and run complex scripts. Websites that involve login details may take advantage of this fact to implement better security measures.

Protection Against Mobile Phishing

One can prevent mobile phishing from taking place by adopting and following the following best practices:

1.    Avoid opening links in emails, especially from suspicious or unknown senders. One should always verify the legitimacy of the email messages received.

2.    Utilization of official apps. If the website one is trying to log in to has an official app, one should use it rather than the browser.

3.    Checking the permissions of all the downloaded apps. One should exert extreme caution when choosing which apps to download, as some apps may be requesting too much data, which could result in a violation of privacy.

4.    The URLs of the websites one visits should be manually typed in and subsequently bookmarked for future visits. This procedure eliminates typographical errors in the URL that can be directed to a phishing website.

5.    Installation of a security solution. Modern solutions for mobile devices enable secure access to data located in the corporate network, without the data ever being downloaded to the device. This eliminates the risk of phishing.

Conclusion
The direction of cybercrime is shifting towards the “post-PC” era, as cybercriminals follow where the users and their money go. Cyberattacks on mobile devices can be prevented by adopting mobile computing best practices.

no comments |

You must be registered in order to write comments. To register as a new user click here.

If you're already registered, please leave a comment here

Leave a comment