Mobile Phishing
By: Pierluigi Paganini

Emails are considerable as a primary vector for cyber-attacks against mobile devices, principal security firms revealed that phishing activities in the last few years have increased exponentially, targeting every sector from industry to government agencies. RSA’s October Online Fraud Report 2012 described an impressive increase in phishing attacks, up 19% over the second half of 2011. The total loss for various organizations sums up to $2.1 billion over the last 18 months; these are extraordinary figures that give an idea of the amplitude of phenomena.

2013 has started with an apparent reversal of the trend that is actually symptomatic of a dangerous phenomenon, to an apparent slowing of phishing activities on desktop PCs is paid with an increase of offensives that are targeting mobile platforms.

An increasing number of web sites are expressly designed to circumvent mobile users, targeting e-banking and e-commerce services, Trend Micro security firm observed that in 2012, 75% of mobile phishing URLs were rogue versions of popular financial and banking sites, meanwhile only a small percentages (4%) were related to sites try to trick online shoppers and social network users (2%).

Services hit by Mobile Phishing:

The methods of attacks are unchanged in respect to normal phishing. Users are misled and hijacked on spoofed versions of legitimate sites to trick them into disclosing sensitive information such as banking credentials, account details and other personal information that could be used in successive APT attacks. Further information regarding mobile security threats can be found in the mobile forensics course offered by the InfoSec Institute. Most targeted users are PayPal customers followed by other financial institutions clients such as Absa Internet Banking, Barclays and Wells Fargo.

Mobile Phishing Sites (Trend Micro):

The year 2013 presents itself full of challenges in mobile security, Android users will have to face a growing number of cyber threats of increasing complexity. The principal cyber threats will be originated by cyber-crooks wanting to steal sensitive information and intellectual property, but also cyber-espionage activities of governments and private actors have to be considered.

Among the main threats that will grow exponentially there are malware for scam purpose and phishing activities.

Keep update installed apps, do not download software from third part app stores, avoid jailbreaking operations and of course, avoid clicking on links contained in unsolicited emails.