Smishing
In recent years, hackers have moved away from traditional mediums like email. Instead, mobile phishing is their new approach, and they are targeting services like SMS, WhatsApp, Facebook, and fraudulent mobile apps.
Research has found that mobile users are more likely to fall for phishing attempts compared to their desktop-using counterparts.
The massive use of smartphones, tablets and mobile applications in our daily lives, for personal and professional purposes, turns them into essential tools that we trust and through which we are more likely to fall into traps set by hackers.
When a phishing email is opened on a PC, the user has the ability to hover over the link to see where it redirects and potentially identify a malicious URL (if it does not use the imitated company’s name, which is sometimes the case). On mobile devices, however, displaying the URL is not as obvious and intuitive, making this type of attack less noticeable.
The key to a phishing attack’s success in many of these scenarios is hiding malicious URLs, masking phishing sites, and hiding code. Here are some ways phishing can manipulate mobile devices:
1. The use of compromised websites to host phishing pages.
2. URL redirects, or URL forwarding, from a benign link. The URL would then redirect the user to a phishing site.
3. Multi-stage phishing attacks. This is a type of sophisticated phishing attack that involves a multi-stage phishing schemes that launches local files to evade existing security. It starts with a link sent in email that is not malicious but leads to what appears to be a benign site. Once that website is opened, the user performs a task and a local HTML file is downloaded to their computer or mobile device. When the user clicks on that file, a local HTML page is launched with a link to continue which sends them to the final domain where the phishing content is delivered.
4. SMiShing and mobile endpoint attacks. These mobile-specific attacks – often called SMiShing – are initiated in the form of a text message disguised as a communication from a bank or other potentially trusted brand than encourages a click-through to a phishing site where credentials are targeted. As mobile devices become more prevalent for work communication, the use of SMiShing has increased dramatically.
Where to go for more information or to get in contact with the CCP Team?
Please visit our website (www.ccpteam.com) or check us out on social media if you’re interested in learning more. As always, calling our office will result in hearing a friendly voice that is happy to discuss any questions you may have. We’ll keep pushing in the direction of excellence and look forward to those continuing partnerships that drive IT Success for Business.
