Mobile phishing on the rise, warns Trend Micro

By Digital News Asia March 18, 2013

TrendLabs finds over 4,000 phishing URLs designed for the mobile Web
Users need to understand that mobile devices need protection as much as desktops

Mobile phishing on the rise, warns Trend Micro TREND Micro Inc has found that mobile devices, including smartphones and tablets, are fast becoming ‘valid platforms’ to launch phishing attacks.

New research by its TrendLabs unit when it looked at phishing sites during 2012 shows over 4,000 phishing URLs designed for the mobile Web, the company said in a statement.

According to recent research by comScore, four of five US users shop online via smartphone, and 52% of users browse websites on their gadgets, while 39% visit social networking sites or blogs.

“Users are slowly changing their habits on using mobile devices due to the efficiency and convenience smartphones and tablets provide,” said Paul Oliveria, researcher at TrendLabs.

“However, cybercriminals are also taking advantage of this consumer trend by using phishing sites, which are spoofed versions of legitimate sites, to trick users into disclosing sensitive information like usernames, passwords, and even account details.”

Trend Micro also found out that in 2012, 75% of mobile phishing URLs were rogue versions of well-known banking or financial sites such as Barclays, while e-commerce and shopping sites, including the top phished entities PayPal and eBay, make up 4%.

Once users are tricked into divulging their login credentials to these sites, cybercriminals can use these stolen data to initiate unauthorized transactions and purchases via the victim’s account.

“This trend in launching phishing attacks on mobile devices can be attributed to certain limitations of the platform itself,” Oliveria said.

The small screen size in most mobile devices prevents users from fully inspecting websites for any anti-phishing security element. In addition, the majority of mobile devices use default browsers, so it is easier for cybercriminals to create schemes as they need only focus on one browser instead of many, Trend Micro said.

Another possible reason of this rising trend of mobile phishing goes back to the awareness of the users, who need to understand that smartphones and other mobile devices are as capable as any desktop and need protection as well.

These devices should be used more consciously and safely, or the mobile users will be exposed to the same threats that haunt PCs users, the company added, providing some tips:

Use official apps only. Find the official apps of online banking or shopping website on the official website and download them. This makes it more difficult for cybercriminals to phish for your information.

Avoid clicking links or opening attachments in emails from suspicious senders. The links and files within them can be malicious.

Double check the webpage and its URL. There are legitimate emails that ask users to do email verification, but this is how phishing mails usually operate.

Tap online browser’s address bar to fully display the website address. Scan for typographical errors or additional characters.

Bookmark the often visited websites. It could lessen the chances of landing on a phishing website due to spelling mistakes.

Get a mobile security solution. Trend Micro™ Mobile Security keeps the mobile devices and mobile data safe by identifying and blocking not only phishing threats, but also other web threats like malicious or high-risk URL and apps.