Mobile Phishing: How to avoid getting hooked

Don't let scammers catch a big one

Phishing, or using false URLs and other measures to gain access to user accounts, bank details and private information, is nothing new.

As long as there's money to be made trying to fool us into giving up details that should remain private, illicit types will try just about anything that might work, because even one positive hit could make it all worthwhile to them.

Mobile phishing is still in its infancy, but it's on the rise, with 2012 figures from Trend Micro suggesting that some 4,000 of the phishing sites identified were specifically targeting mobile users.

That's still a growth industry - only around one per cent of the total number of dodgy sites spotted - but it makes perfect sense when you think about the shift in recent years towards mobile devices. The kinds of tasks we used to do only sitting at a desk and keyboard are typically only a tap or two away no matter where we happen to be.

Who's at risk, and why?

The malware industry follows where the money is; for the longest time that has meant primarily targeting Windows PCs, but as users interact more frequently with mobile devices that are far more powerful than the PCs of less than a decade ago, there's a market ripe for the picking.

When you sit down at your desk, you're more likely to be thinking work and therefore dodging scams, but when you're rapidly tapping on your screen while waiting for a bus, you're less likely to be quite as vigilant.

Android has of late been the mobile phishing target of choice. That's not a particular slur on Android users and their ability to spot scams, but more to do with the relatively open nature of the platform and the resultant ability for phishing sites to additionally load their fake sites with malware that'll work across multiple Android devices.

That can lead to associated problems - stealing other data even from legitimate sites - as well as being a vector for malware to spread to other systems via your Android device.

That doesn't mean that iOS, Windows Phone or Blackberry users should smugly sit back and assume they're immune. At its core, a phishing attack still relies on you clicking on a link or entering information into a field, and that's something that can be done with even the most secure system if you're not being wary.

Protecting yourself from mobile phishing

So if the bad news is that mobile phishing attacks are on the rise, are there practical steps you can take to make your mobile devices phishing-proof?

There's no bulletproof solution, if only because so many phishing attacks require user action, usually involving panic. As such, the single best thing you can do is identical to that for regular phishing attacks: use caution, especially when your money is on the line.

The same research that identified many mobile phishing sites noted that the vast majority were banking scam pages, suggesting it's money rather than identity information that is most sought after.

1. Concerned? Use another form of verification

If you get an email or SMS from your bank regarding some kind of dodgy transaction, by all means follow it up - but not by replying to the SMS or calling a number contained within it.

Financial institutions don't always have the friendliest bank branch hours, but most have 24-hour call centres to deal with fraud issues.

Look up the number separately - and hey, you've got a mobile device right in front of you - and call them, or send an email through. If it's a legitimate concern, they'll let you know securely; if it's a fake, you'll be keeping your bank details safe.