SCCyberworld

Wednesday, March 20, 2013

Trend Micro warns hidden risks of mobile phishing on multi devices


[Kuala Lumpur – 11 March 2013] –Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leader in consumer digital information security, releases new findings of TrendLabs on mobile phishing. The research based on the observation of phishing sites during 2012 shows over 4,000 phishing URLs designed for mobile Web. The result highlights that mobile devices, including smartphones and tablets, are valid platforms to launch phishing attacks.

According to a recent research 1, 4 of 5 US users shop online via smartphone, and 52% of users browse websites2 on their gadgets, while 39% visit social networking sites or blogs.

“Users are slowly changing their habits on using mobile devices due to the efficiency and convenience smartphones and tablets provide.” mentioned Paul Oliveria, researcher of Trendlabs. “However, cybercriminals are also taking advantage of this consumer trend by using phishing sites, which are spoofed versions of legitimate sites, to trick users into disclosing sensitive information like usernames, passwords, and even account details.”

Trend Micro also found out in 2012, 75% of mobile phishing URLs were rogue versions of well-known banking or financial sites such as Barclays, while e-commerce and shopping sites, including the top phished entities PayPal and eBay, make up 4%. Once users are tricked into divulging their login credentials to these sites, cybercriminals can use these stolen data to initiate unauthorized transactions and purchases via the victim’s account.

“This trend in launching phishing attacks on mobile devices can be attributed to certain limitations of the platform itself,” Paul said. The small screen size in most mobile devices prevents users from fully inspecting websites for any anti-phishing security element. In addition, the majority of mobile devices use default browsers, so it is easier for cybercriminals to create schemes as they need only focus on one browser instead of many.

Another possible reason of this rising trend of mobile phishing goes back to the awareness of the users. Mobile device users need to understand that smartphones and other mobile devices are as capable as any desktop and need protection as well. These devices should be used more consciously and safely, or the mobile users will be exposed to the same threats that haunt PCs users.

Here are some tips from Trend Micro for users to protect themselves.

1 http://www.comscore.com/Insights/Press_Releases/2012/9/Retailers_Carving_Out_Space_in_the_M-
Commerce_Market
2http://www.comscore.com/Insights/Press_Releases/2013/1/comScore_Reports_November_2012_U.S._Mobile_Subscriber_Market_Share

 Use official apps only. Find the official apps of online banking or shopping website on the official website and download them. This makes it more difficult for cybercriminals to phish for your information.

 Avoid clicking links or opening attachments in emails from suspicious senders. The links and files within them can be malicious.

 Double check the webpage and its URL. There are legitimate emails that ask users to do email verification, but this is how phishing mails usually operate.

 Tap online browser’s address bar to fully display the website address. Scan for typographical errors or additional characters.

 Bookmark the often visited websites. It could lessen the chances of landing on a phishing website due to spelling mistakes.

 Get a mobile security solution. Trend Micro™ Mobile Security keeps the mobile devices and mobile data safe by identifying and blocking not only phishing threats, but also other web threats like malicious or high-risk URL and apps.

More tips on how to Protecting Yourself Against Mobile Phishing:

http://about-threats.trendmicro.com/ebooks/protecting-yourself-against-mobile-phishing/files/assets/downloads/protecting-yourself-against-mobile-phishing.pdf

More information on Trend Micro™ Mobile Security, please visit:
http://www.trendmicro.com/us/home/index.html#mobile-device-solutions

No comments: