Thursday, July 7, 2011

Phishers’ World in Your Cell Phone

Via Symantec Uber Security Response Blog -

Technologies in cell phones are advancing day after day, and so phishers are also seeking various means to exploit vulnerable cell phone users. The two key areas in which we can see this trend are, firstly, the increase in phishing against wireless application protocol (WAP) pages, and secondly, the use of compromised domain names that have been registered for mobile devices.

Many legitimate brands have designed their websites for cell phones or WAP pages. The difference between a WAP page and a regular Web page is that the WAP page uses reduced file sizes and minimal graphics. This is done for cell phone compatibility and also to achieve higher browsing speeds while the user is on the move. Symantec has recorded phishing sites spoofing such Web pages and has monitored the trend. In June, social networking and information services brands were observed in these phishing sites. In the example shown below, the phishing page consists of nothing more than a form asking for users’ credentials. (This is a typical design created for cell phones.) When a victim enters the required information, the phishing page is redirected to the WAP page of the legitimate brand. The phishing site in this case was hosted on a free Web hosting site.


The domain names used for websites accessed by mobiles devices commonly have a “.mobi” top level domain (TLD). These domain names are compromised and utilized by phishers to host several phishing sites. Over the past six months, about 65 percent of these phishing sites spoofed brands from the banking sector, whereas 19 percent were from the e-commerce sector and the remaining were from the ISP, social networking, and information services sectors.

The primary motive of phishers in these attacks continues to be identity theft. Targeting cell phone users is just part of a new strategy for achieving the same result.


In January 2011, Trusteer, makers of the Rapport security software, gained access to the log files of several web servers that were hosting phishing websites. Analysis of these logs yields some interesting insight:
  1. Mobile users are the first to arrive at the phishing website
  2. Mobile users accessing phishing websites are three times more likely to submit their login info than desktop users
  3. Eight times more iPhone users accessed these phishing websites than Blackberry users
While the data obtained by Trusteer is quite limited in scope, it does seem to reinforce the concern expressed by Symantec above – mobile phone users are as susceptibility (likely more susceptibility) to phishing as desktop users.

Compound that idea with the current lack of mobile phone security suites in general use (e.g. Anti-virus, Anti-phishing, etc) and you have a massive unprotected userbase which is more likely to act in a dangerous manner when mobile.

No comments:

Post a Comment