Mobile Phishing: Myths and Facts

    Mobile phishing is one of the biggest unsolved cybersecurity problems today. This is because phishing works differently, and is more problematic, on a mobile device.

    Let’s look at what phishing is.

    It refers to the illegal practice of sending emails that pretend to be from a reputable organization in order to convince individuals to reveal personal information, such as account numbers, passwords/PINs, and debit/credit card numbers.

    The most widely used form of phishing is where an attacker sends an email pretending to be someone else and tries to trick the recipient into logging into a website or downloading malware.

    Attackers also favor email spoofing, where the email header is crafted so that the message appears to have been sent by a trusted sender.

    Now let us see what mobile phishing is.

    When we add mobile into the equation, phishing extends beyond email into MMS, SMS, and messaging apps such as Snapchat, WhatsApp, and Facebook Messenger.

    Mobile devices connect from outside firewalls, lack endpoint security solutions, and access new messaging platforms that are not used on desktops.

    Mobile users are most likely to fall for phishing because the mobile UI lacks the cues that help identify these attacks, e.g. hovering over a hyperlink to show the destination page.

    Myths and Facts about Phishing:

    | Myths | Facts |
    |---|---|
    | Current phishing protection is good for mobile devices | Individuals are more easily tricked into falling for phishing attacks on mobile than on desktop |
    | Mobile phishing attacks can only be done through email | Some apps are unknowingly accessing suspicious URLs and websites |
    | Mobile websites which appear with locks in the browser are safe | There is no phishing protection available in the market |
    | Not clicking on links will keep you safe | 96 percent of businesses use spam filters to block attempts of phishing |
    | If the link is not sent by e-mail, it is safe | Trojan-Downloader.JS.Sload is the most common malware in phishing emails |

    Types of Phishing:

    1. Spear – An email that appears to be from a trusted source is sent to a specific individual or department within a company.
    2. Whaling – A phishing attack carried out on an enterprise’s top-level executive.
    3. Clone – A nearly identical replica of a web page or a message is created to trick the victim into thinking it is real.
    4. Vishing – It stands for “voice phishing” and is done with the use of a phone. Here, the victim receives a voice message that tricks them into a conversation.
    5. Snowshoeing – Messages are pushed out via multiple domains and IP addresses to bypass email filters and land straight in the inbox.
