Following analysis of hundreds of thousands of phishing websites, security researchers have discovered a significant rise in the number of websites designed specifically for mobile phishing attacks.
- Previously, many phishing websites were device agnostic, set up to steal usernames and passwords regardless of whether the user was clicking the link from a computer or mobile.
- Cyber criminals have now cottoned on to the fact that the smaller screens of smartphones and other mobile devices make it more challenging for users to identify phishing emails and malicious websites.
- On smartphone screens it is difficult to see the address of links. When using a laptop or desktop computer, the user can hover the mouse cursor over the hyperlink, which can reveal the URL. This potentially alerts them to whether it's malicious.
Smartphone users, however, are less likely to check where an email has really come from and more likely to click through if the phishing ‘hook’ is convincing. For instance, the sender address is more prominent on a desktop browser than on a mobile, meaning that unless a user really examines the email, they might not notice it's being sent from a fake address.
While many phishing attacks arrive by email, targeting mobile devices also offers cyber criminals an expanded variety of attack vectors including SMS messages, messaging applications, in-app chat links and more, all of which can be used to direct victims to malicious sites.
- Many of these mobile phishing websites are designed to look indistinguishable from the brand they're imitating.
- Some of the top brands most commonly imitated by phishing websites include Microsoft, Amazon, Facebook and PayPal, as well as delivery companies related to the region being targeted.
Users can help to protect themselves from mobile-phishing attacks by being cautious about what links they follow.
- If an email alert or text message claims to come from a company, rather than clicking the link in the email, it's safer to go to the actual website of the brand by using your browser and logging into your account from there.