Jan 5, 2011 07:59 GMT

According to an investigation performed by Trusteer, a provider of secure browsing solutions, mobile users are three times more likely to fall victim to phishing attacks.

The company's researchers analyzed the access logs of several web servers that recently hosted phishing websites and got some very interesting results.

One was that mobile users reach phishing pages more quickly than desktop users. This is likely because people keep their phones closer at hand than their computers.

Mobile users can therefore read phishing emails as soon as they arrive. And since phishing emails encourage immediate action, they can be tricked into acting faster.

A different study performed by the company recently revealed that over 50% of phishing victims disclose their credentials during the first hour, and 80% do so during the first five hours.

Also, by the time desktop users get around to reading the phishing emails, the malicious URLs are more likely to have been added to blacklists.

Access logs showed that three times more mobile users exposed their data on phishing sites than desktop ones. One explanation for this could be the lack of phishing protection on mobile platforms.

For example, BlackBerry devices do not display full addresses in the "From" field of email messages, only the name defined by the sender.

Also, hovering the mouse over linked text in an email does not display the destination URL. This shortcoming is addressed by a confirmation dialog that appears when the link is clicked.

However, this dialog has trouble displaying long URLs. Misleading links like "www.acmebank.com.vdgrtgrtgrtgrtgrtgrt.com" get cut off after "www.acmebank.com.vdgrtgrt," leaving the user to believe that acmebank.com is the actual domain.

Furthermore, when the link is loaded inside the BlackBerry browser, the full address is not visible. The behavior is similar on iPhones, but with some differences.

There is an address bar visible in the iPhone browser, but it is limited in size and makes specially crafted links hard to spot. Also, there is no confirmation when clicking a link in email messages.
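The truncation problem described above for the BlackBerry confirmation dialog and the iPhone address bar can be checked for, and avoided, on the display side. The following is an added example, not code from Trusteer or either platform: it flags links whose right-truncated hostname suggests a different domain, and builds a label that elides from the left so the registrable domain stays visible. The suffix set, the function names and the 25-character width are assumptions made for the demonstration.

```python
from urllib.parse import urlsplit

# Constructed demo suffix set (assumption); real code should use the full Public Suffix List.
DEMO_SUFFIXES = {"com", "net", "org", "co.uk"}

def hostname(url):
    """Hostname of a URL, accepting scheme-less links such as the article's example."""
    return urlsplit(url if "://" in url else "//" + url).hostname or ""

def registrable_domain(host):
    """The domain the owner registered: one label plus the longest known suffix."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(1, len(labels)):  # smallest i first = longest suffix first
        if ".".join(labels[i:]) in DEMO_SUFFIXES:
            return ".".join(labels[i - 1:])
    return None

def apparent_domain(visible):
    """Domain a reader would infer from a hostname cut off on the right."""
    labels = visible.lower().split(".")[:-1]  # final label may be cut mid-way
    for j in range(2, len(labels) + 1):
        found = registrable_domain(".".join(labels[:j]))
        if found:
            return found
    return None

def misleading_when_truncated(url, width):
    """True if a width-limited display suggests a domain other than the real one."""
    host = hostname(url)
    if len(host) <= width:
        return False
    shown = apparent_domain(host[:width])
    return shown is not None and shown != registrable_domain(host)

def safe_label(url, width):
    """Elide from the left so the registrable domain is always fully visible."""
    host = hostname(url)
    domain = registrable_domain(host)
    if len(host) <= width or domain is None:
        return host
    keep = max(width - 3, len(domain))  # never cut into the registrable domain
    return "..." + host[-keep:]

LINK = "www.acmebank.com.vdgrtgrtgrtgrtgrtgrt.com"  # link quoted in the article
WIDTH = 25  # assumed display width, matching where the article's example is cut

if __name__ == "__main__":
    print("naive:", hostname(LINK)[:WIDTH])
    print("misleading:", misleading_when_truncated(LINK, WIDTH))
    print("safe:", safe_label(LINK, WIDTH))
```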

Trusteer notes that despite URL handling being similar on both platforms and BlackBerry having a higher market share in the US, eight times more iPhone users accessed phishing websites.

The company recommends that mobile users "never click on links in email messages since it is difficult to determine who sent the message, what the destination address is, and what consequences may occur (phishing, malware, scam, etc.)"