Phishing attack on mobile platforms


Recent studies at major security firms disclosed that phishing activity has increased exponentially, with cyber-crime targeting every sector, from industry to government institutions and private citizens.

RSA’s October Online Fraud Report 2012 revealed a large growth in phishing attacks, up 19% over the second half of 2011. The total loss for various organizations is estimated at $2.1bn over the past 18 months. Last year, around 33,000 phishing attacks were detected every month globally according to RSA.

According to AvIntel, since the beginning of 2013, security experts have observed a slowdown in phishing, perhaps because of better monitoring activities by major security companies. But do not be fooled: we are observing a significant number of phishing attacks against mobile platforms.

The scheme used for an attack is very simple and very efficient: users are misled and hijacked via spoofed versions of legitimate sites. The idea is to trick users into disclosing sensitive information such as banking credentials, account details and other personal information.

Mobile users are privileged targets of cyber-criminals because of bad habits, e.g. “jailbreaking” mobile devices and downloading apps from third parties, as well as the absence of defense mechanisms and poor awareness of the principal cyber threats. Mobile platforms are also an easy target for phishing attacks because of limitations of the device itself.

The screen on the majority of tablet devices is small compared to laptops or desktops, which prevents users from fully inspecting websites for any anti-phishing security elements. In addition, users usually use the default browser on their mobile devices, which makes cyber attacks easier: instead of having to develop attacks for a multitude of browsers, cyber criminals focus on developing attacks for a particular default browser.

Although mobile phishing today represents only a small portion of total phishing attacks (less than 1% of overall phishing), criminal activity targeting mobile platforms is expected to grow rapidly.

Airlines are using an increasing number of tablets in the cockpit and the cabin, and if they allow the crew to use them for personal purposes then please require crews to install defense systems on these mobile devices. We also recommend that airlines inform and train crews to keep installed apps updated. Crews should not download anything from third-party app sites, should absolutely avoid jailbreaking devices and, of course, should avoid clicking on links contained in unsolicited emails.