Mobile Users Most Likely To Visit Phishing Sites

New research finds eight times more iPhone users going to phishing sites than BlackBerry users

Smartphone users are the first to visit a phishing website via a phony email message and, once there, are three times more likely than desktop users to provide their login information, new research has found.
Trusteer, a provider of secure browsing services, studied the log files of several Web servers that were hosting phishing sites and found several trends that demonstrate just how vulnerable mobile users are to phishing. Eight times as many iPhone users had visited phishing sites than BlackBerry users had, according to the findings.
Why the lopsided victimization for mobile phone users? Mickey Boodaei, CEO at Trusteer, says much has to do with timing. Because smartphones are typically always on and at hand, these users are most likely to become victims of email phishes. And the first couple of hours of a phishing attack is key, since these sites typically get shut down or blocked after that time frame, he says.
Theres also the basic design of a smartphone: The smaller screen and address bar can inadvertently hide clues of a phony email or website address. We found that its very hard for most users to identify phishing websites and avoid accessing these sites. Most of the kinds of limitations are mainly due to the size of the screen and trade-offs with the [design of mobile interfaces], he says. You dont necessarily see the address bar the way you would see it in your PC browser, and you wont see signs that youve hit a protected or phishing website.
Another trend pinpointed by Trusteer is that smartphone users are three times more likely than desktop users to enter their login information on a phishing website. So if a phony banking site asks for their credentials, they provide them, for example. Im guessing this is because its harder for them to see the address of the website and that [it] doesnt match the address of their bank, Boodaei says.
In the BlackBerry, the From field doesnt include the senders address, just the name of the sender, such as Bank X. And in HTML messages, hovering over a link doesnt show the URL, Trusteer notes.
The iPhone has similar issues. But it doesnt ask the user if he or she wants to open the URL -- it does so automatically. And it comes with an address bar, but only shows the beginning of a URL due to size limitations, thus obscuring any clues of a phony address.
Boodaei says its not easy to explain why iPhone users were much more likely than BlackBerry users to go to a phishing site. Its most likely due to the different cultures of the smartphones, with BlackBerrys more likely issued by enterprises and iPhones being popular among consumers.
Trusteer recommends that smartphone users avoid clicking on links in email messages and instead type the known URL into their browsers. More details on Trusteers research is available
here
.
Have a comment on this story? Please click Discuss below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Mobile Users Most Likely To Visit Phishing Sites