
Mobile Users More Vulnerable To Phishing Attacks

Posted by CmdrTaco
from the it's-the-tiny-fonts dept.
Orome1 writes "Trusteer recently gained access to the log files of several web servers that were hosting phishing websites. Analyzing these log files provided visibility into how many users accessed the websites, when they visited them, whether they submitted their login information, and what devices they used to access the website. As soon as a phishing website is broadcast through fraudulent email messages, the first systems to visit it are typically mobile devices. Most fraudulent emails call for immediate action. For example, they usually claim that suspicious activity has been detected in the user's account and that immediate action is required. Most victims who fall for this ploy will visit the phishing site quickly."
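
The kind of log analysis the summary describes, as an added example for incident responders (not code from Trusteer or from the original post): it takes access logs recovered from a taken-down phishing host and reports, per device class, unique visitors, form submitters, and minutes until the first hit. The Apache combined log format, the `/login.php` path, and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample lines in Apache combined log format (assumed format;
# the IPs are documentation ranges and /login.php is a hypothetical path).
SAMPLE_LOG = """\
203.0.113.10 - - [04/Jan/2011:09:00:40 +0000] "GET /login.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_2_1 like Mac OS X) AppleWebKit/533.17.9 Mobile/8C148 Safari/6533.18.5"
203.0.113.10 - - [04/Jan/2011:09:01:05 +0000] "POST /login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_2_1 like Mac OS X) AppleWebKit/533.17.9 Mobile/8C148 Safari/6533.18.5"
198.51.100.7 - - [04/Jan/2011:09:03:12 +0000] "GET /login.php HTTP/1.1" 200 5120 "-" "BlackBerry9700/5.0.0.862 Profile/MIDP-2.1 Configuration/CLDC-1.1 VendorID/331"
192.0.2.44 - - [04/Jan/2011:11:45:30 +0000] "GET /login.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13"
192.0.2.44 - - [04/Jan/2011:11:46:02 +0000] "POST /login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13"
192.0.2.80 - - [04/Jan/2011:12:10:00 +0000] "GET /login.php HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)"
"""

LINE_RE = re.compile(
    r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')
# Coarse device classification from the User-Agent header.
MOBILE_RE = re.compile(r"iPhone|iPad|iPod|Android|BlackBerry|Opera Mini|Mobile", re.I)


def analyze(log_text, submit_path="/login.php"):
    """Per device class: unique visitors, unique submitters, minutes to first hit."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing at fields
        ip, ts, method, path, ua = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        device = "mobile" if MOBILE_RE.search(ua) else "desktop"
        hits.append((when, ip, method, path, device))
    hits.sort()  # chronological, so the first row per device is its earliest hit
    report = {}
    for when, ip, method, path, device in hits:
        delay = round((when - hits[0][0]).total_seconds() / 60, 1)
        row = report.setdefault(
            device, {"visitors": set(), "submitters": set(), "first_hit_min": delay})
        row["visitors"].add(ip)
        if method == "POST" and path == submit_path:
            row["submitters"].add(ip)  # a form was posted from this address
    return {d: {"visitors": len(r["visitors"]), "submitters": len(r["submitters"]),
                "first_hit_min": r["first_hit_min"]} for d, r in report.items()}


if __name__ == "__main__":
    for device, row in analyze(SAMPLE_LOG).items():
        print(device, row)
```

User-Agent strings are client-controlled and a POST only shows that a form was submitted, not that the credentials were real, so the counts are estimates.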

  • Actual headline (Score:1, Redundant)

    by somersault (912633)

    So, after reading the summary, we can conclude that the actual headline should be:

    Mobile users more up to date with email than desktop users!

    *facepalm*

    • No shit.

      Big surprise, people who get their email immediately are more likely to be first to visit a phishing site before it's taken down.

  • by clone53421 (1310749) on Tuesday January 04, 2011 @01:22PM (#34755516) Journal

    If mobile users can’t tell the difference between real sites and fraudulent ones, that says something about the mobile device’s web browser, IMHO.

    • by Nadaka (224565) on Tuesday January 04, 2011 @01:27PM (#34755568)

      Mobile users are used to having their browser detected as mobile and being shunted off to a simplified and barely functional mobile page.

      It is one of the reasons that I use Firefox with a user agent fuzzer on my Android phone.

    • The timeline goes something like this:

      1. Phishing email is sent out.
      2. Desktop users won't check their email for several hours, because they're at work/away from their desk/in a meeting, but mobile user gets email immediately, because their device is on their belt.
      3. Mobile user provides username/password to fake site.
      4. Site gets noticed by server admin and taken down.
      5. Desktop user gets to their computer, reads email, checks site, and finds "404 - page not found".

      In other words, there's no story here.

  • My current mobile device, an iPhone, has a terrible native email client. There is no way to use text-only, view headers, or use PGP. I won't be surprised when a new email worm turns up that takes advantage of an image library that the iPhone mail.app uses. At least if I could view in text-only mode I wouldn't have to wait to click on suspected SPAM until I get to a real computer (Hey, you never know, "1 long 4u" might be an old girlfriend, not viagra SPAM).
    • The article is wrong about the Blackberry. You can set it for text-only email, and if you highlight the "From:" field you'll see the sender's address in a tooltip. I'm quite pleased with email on the BB, and using the Bolt browser, BBSSH for ssh logins, RepliGo Reader, and just a few other carefully chosen apps the BB is pretty awesome. Of course it doesn't have the huge screen of a Droid or iPhone (they always seem to be cracked anyway within a few months, don't they?), but there's really no comparison if
  • The term is not "vulnerable". Users are only vulnerable to real world things. Users are, however, *gullible* and *susceptible* to phishing ploys. Especially iPhone users, apparently. *facepalm*

  • by Anonymous Coward

    There seem to be a lot of intervening variables (between "gullible" and "mobile user") which are unaccounted for in TFA.

    Most of those are also likely magnified when "mobile user" is further reduced to "iphone user".

  • by Anonymous Coward

    Mobile users have crummy email browsers that don't display full headers. Film at 11.

    Sheesh.

    • So much talk about headers in this discussion, but spoofing email headers is really not that hard. The real answer is don't click on links in email for anything that in any way involves the use of financial services of any description. I shop Amazon (on a computer) all the time, and I don't even click on links in emails they send me. Why would I need to? Only takes a moment to log in manually via https. And just because your carrier provides a "mobile banking" app doesn't mean they provide a secure enough n
  • If I have the time, I always visit a new phishing site and put in bank details. Not real ones, obviously. I'm hoping that maybe there is a slim chance that somewhere out there, I might have just annoyed a phisher.
