Mobile phishing is on a dramatic tear; as more users spend time on mobile devices, it is a new beachhead for malware and bad apps to target them for phishing attacks and other forms of online fraud.
Mobile Phishing Social Media Phishing and Other Attacks
1. Augustine Fou- 1 -
Dr. Augustine Fou
http://linkd.in/augustinefou
July 2013
Mobile Phishing
2. Augustine Fou- 2 -
Mobile Attacks Rise
As users shift massively to mobile devices, so do the attacks
Source: IBM’s X-Force Trend and Risk Report
3. Augustine Fou- 3 -
Mobile Phishing 3x Desktop
Mobile users’ habits and the novelty of the medium mean it is still far more vulnerable than the mature desktop platform
Source: Mashable June 2011
4. Augustine Fou- 4 -
Mobile Phishing
Top Targeted Websites, 2012
Source: Trend Micro, Feb 2013
5. Augustine Fou- 5 -
Example of Mobile Phishing
Fake PayPal Mobile screen versus real one
If users don’t know what the real one should look like, then they can be easily fooled into logging in with their real credentials on a phishing site like the one pictured.
6. Augustine Fou- 6 -
Example of Mobile Phishing
Fake Amazon login screen
Mobile apps sometimes require the user to click a link and then log in. Adware and malware apps can intercept the link and present a fake login page which looks exactly like the real one. Users don’t have the typical visual clues to easily tell if it is the real one or not.
7. Augustine Fou- 7 -
List of Attacks / Success Rate
By leveraging common behaviors in mobile, attackers are successful
Source: Felt and Wagner, Berkeley Research Paper
8. Augustine Fou- 8 -
So What?
On mobile devices, users don’t have the same visual cues they usually have in desktop browsers. Also, the novelty of the medium means users don’t yet have the awareness and vigilance to detect and mitigate new forms of attacks. Sometimes, even antivirus software is not enough. Users need to develop new habits which protect their information and identity.
9. Augustine Fou- 9 -
Related Slideshares
Mobile Apps -- Scary Permissions and Consequences
By: Augustine Fou, May 2, 2013
Many Forms of Online Fraud
By: Augustine Fou, April 20, 2013
Fake LinkedIn Profiles
By: Augustine Fou, July 11, 2013
Facebook Advertising Benchmarks
By: Augustine Fou, May 29, 2009
10. Augustine Fou- 10 -
Dr. Augustine Fou – Digital Consigliere
“As more and more users spend time online and on their mobile devices, they are vulnerable to new forms of attacks. Specifically phishing and apps that request ‘all access’ on their devices.”
FORMER CHIEF DIGITAL OFFICER, HCG (OMNICOM)
MCKINSEY CONSULTANT
CLIENT SIDE / AGENCY SIDE EXPERIENCE
PROFESSOR AND COLUMNIST
ENTREPRENEUR / SMALL BUSINESS OWNER
PHD MATERIALS SCIENCE (MIT '95) AT AGE 23
ClickZ Articles: http://bit.ly/augustine-fou-clickz
Slideshares: http://bit.ly/augustine-fou-slideshares
LinkedIn: http://linkd.in/augustinefou