Mobile phone users are far more vulnerable to phishing attacks than those accessing email and websites via a PC, according to new research.
The findings come from Trusteer, which recently gained access to the log files of several web servers that were hosting phishing websites, the security firm said. From those logs, Trusteer said, it could see how many users accessed the websites, when they visited them, whether they submitted their login information, and what devices they used.
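The kind of tally such logs make possible, as an added example rather than Trusteer's own tooling: it assumes Apache combined-format access logs, treats a POST to a hypothetical `/login` path as a credential submission, and classifies devices by User-Agent substring. The log lines are constructed samples.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache combined log format (not Trusteer's data).
# IPs are from documentation ranges; the /login path is hypothetical.
SAMPLE_LOG = """\
198.51.100.7 - - [04/Jan/2011:09:01:12 +0000] "GET /login HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_2 like Mac OS X) AppleWebKit/533.17.9"
198.51.100.7 - - [04/Jan/2011:09:01:40 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_2 like Mac OS X) AppleWebKit/533.17.9"
198.51.100.8 - - [04/Jan/2011:09:02:05 +0000] "GET /login HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_2 like Mac OS X) AppleWebKit/533.17.9"
198.51.100.21 - - [04/Jan/2011:09:03:00 +0000] "GET /login HTTP/1.1" 200 5120 "-" "BlackBerry9700/5.0.0.351 Profile/MIDP-2.1 Configuration/CLDC-1.1"
203.0.113.5 - - [04/Jan/2011:11:30:10 +0000] "GET /login HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1; rv:2.0) Gecko/20100101 Firefox/4.0"
203.0.113.6 - - [04/Jan/2011:11:31:00 +0000] "GET /login HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1; rv:2.0) Gecko/20100101 Firefox/4.0"
203.0.113.6 - - [04/Jan/2011:11:31:30 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows NT 6.1; rv:2.0) Gecko/20100101 Firefox/4.0"
this line is truncated and should be skipped
203.0.113.9 - - [04/Jan/2011:12:00:00 +0000] "GET /login HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1; rv:2.0) Gecko/20100101 Firefox/4.0"
203.0.113.10 - - [04/Jan/2011:12:05:00 +0000] "GET /login HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1; rv:2.0) Gecko/20100101 Firefox/4.0"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

def device_class(user_agent):
    """Coarse device bucket; anything unrecognised is assumed to be a desktop."""
    if "iPhone" in user_agent:
        return "iphone"
    if "BlackBerry" in user_agent:
        return "blackberry"
    return "desktop"

def tally(log_text, submit_path="/login"):
    """Per device class: unique visitors, unique submitters, submission rate."""
    visitors, submitters = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or truncated entry
        dev = device_class(m["ua"])
        who = (m["ip"], m["ua"])  # approximation of "one user"
        visitors[dev].add(who)
        if m["method"] == "POST" and m["path"] == submit_path:
            submitters[dev].add(who)
    return {dev: {"visitors": len(v), "submitters": len(submitters[dev]),
                  "rate": len(submitters[dev]) / len(v)}
            for dev, v in visitors.items()}

if __name__ == "__main__":
    for dev, stats in tally(SAMPLE_LOG).items():
        print(dev, stats)
```

Counting by (IP, User-Agent) pair is only an approximation of unique users, since carrier NAT can put many handsets behind one address.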
The "always on" nature of mobile devices means that those users are more likely to read emails as soon as they arrive, and are therefore more likely to visit phishing websites. The usual phishing tactic of sending a message that implies a user’s account has been compromised often spurs the user into immediate action.
By contrast, desktop users read their emails only once they are sitting in front of their PC, which can give security companies the chance to block attacks or take down websites.
The research also found that mobile users are three times more likely to submit their information to a phishing site than desktop users. Why? Trusteer suggests that it’s because it is harder to spot a phishing website on a mobile device.
Trusteer compared phishing attacks on an iPhone and a BlackBerry to look at why users may be more likely to fall victim to these attacks. When a fraudulent email arrives on a BlackBerry device, only the sender’s name is shown, not the email address. The company suggests this may lead users to think the email is trustworthy. After clicking on a link on a BlackBerry, the user is asked if they want to continue to the address. However, the smaller screen on the BlackBerry means that just the start of the URL is displayed, and a well-crafted fake URL will look legitimate.
Apple’s iPhone device is similar but users don’t get asked if they want to access the URL; it opens automatically. However the user is then likely to experience the same issue with a legitimate-looking URL.
According to Trusteer, eight times more iPhone users accessed these phishing websites than BlackBerry users. One potential explanation for this could be that BlackBerry users are more likely to be using their device for work and are therefore more aware of phishing attacks, according to Mickey Boodaei, Trusteer’s CEO.
"Although we don’t have any data to validate this theory, if in fact the iPhone is more commonly used in the private sector then this is a very plausible reason for these findings," he said. "Also, the message that BlackBerry devices present when a user clicks on the link in a phishing email may discourage a certain percentage of victims from proceeding to the phishing website."
The simplest way to avoid phishing attacks on a mobile device is to not click on the URLs contained within emails, Boodaei added.
Trusteer offers secure browsing services and counts HSBC, PayPal, Bank of America and Alliance and Leicester among its customers. Its flagship product is Rapport, which aims to offer users increased protection when banking online.