Mobile phishing is one of the most popular sub-types of phishing, and it is one to watch out for. It is another way fraudsters try to trick victims into sharing personal information, and its popularity has increased because of our heavy use of mobile devices. Smartphones, and the apps we use on them, pose the same phishing risks as any other online system, but they also have their own distinctive threats, which can sometimes be even more dangerous for victims: SMiShing and Vishing.
As the names indicate, these are SMS Phishing and Voice Phishing. These are methods used to fool a victim into providing personal information that cybercriminals can then use for identity theft or to steal money.
Both methods use social engineering, most commonly impersonation, to get around even sophisticated security hardware by targeting the person rather than the device.
Ways to protect yourself
How can you detect mobile phishing and try to avoid becoming a victim? Below are a few tips on what signs might suggest you are being phished:
- Messages coming from unknown parties – Be cautious of these. They usually announce that you have won a prize or a large amount of money. Try and find out as many details as you can on your own, even searching on Google for the alleged organisation behind the ‘prize’ and contacting them separately to verify that the SMS is legitimate.
- Grammar or spelling mistakes – These are a well-known sign of phishing attempts. The criminals often use translation services when writing their messages, which is why there are often mistakes. Taking notice of how a message is written can help you detect danger.
- Do not be tempted to act urgently – A lot of scam messages or phone calls urge the potential victim to “ACT NOW!” stating that there is a time limit on the offer or creating a sense of urgency. This is a trademark of social engineering, where scammers try to create pressure and make the victims act without over-thinking things.
- Beware of URLs – Links that are part of messages are always dangerous. Make sure the message is something you have been expecting, or comes from a party you trust; otherwise do not click any links. They often redirect you to a malicious website or set off a download of malware that can allow the attackers to take over your device.
The frequency of mobile phishing has increased over time, as a lot of us now use our mobile phones as our primary communications tool for both work and play. With the various lockdowns during 2020 and early 2021, due to the COVID-19 pandemic, Australians made the most of being forced to stay at home by flocking to online entertainment. But it wasn’t all Netflix or Disney+. The digital world helped people to stay connected, whether through social media, keeping up to date with the latest health advice, or attending Zoom conferences for work. People turned to their mobile devices more than ever before. In fact, Deloitte’s report on Digital Consumer Trends 2020 found that 52% of respondents had increased their smartphone usage and 35% had increased their time on social media throughout the pandemic.
Our reliance on mobile devices and SMS messages is likely to keep increasing, and the threat is huge. Fraudsters also profit by taking advantage of the fact that many people do not know the risks of clicking suspicious links or sharing their personal information online.
One method criminals use to perform mobile phishing is impersonating big brands, such as Apple Inc.
Here is a screenshot of a SMiShing attempt using Apple as its lure:
Notice that there are spelling and grammar mistakes (a comma instead of a full stop, “informations” and no capital for “inc”), which are not likely to occur in real messages from Apple. Also, the message comes from an unknown number and contains a link, which raises more suspicions.
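The warning signs listed above, and the ones picked out in the Apple message, can be turned into a simple triage check. The sketch below is an added example, not FraudWatch International code: the word lists, the Apple domain allowlist, the function names and both sample messages are constructed assumptions, and it goes one step beyond the text by checking whether a link's hostname actually belongs to the brand the message names.

```python
import re
from urllib.parse import urlsplit

# Illustrative patterns for the article's warning signs (assumed, not exhaustive).
PRIZE = re.compile(r"\b(?:won|winner|prize|lottery)\b", re.I)
URGENCY = re.compile(
    r"\b(?:act now|urgent(?:ly)?|immediately|within \d+ ?(?:hours?|minutes?|days?))\b", re.I)
# "informations" and a lower-case "inc" are the slips the article points out.
LANGUAGE = re.compile(r"\b(?i:informations)\b|\binc\b")
URL = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.I)
# Brand name -> domains it really uses (assumed allowlist for this example).
BRANDS = {"apple": ("apple.com", "icloud.com")}

def host_of(url):
    """Lower-cased hostname of a URL found in message text."""
    url = url.rstrip(".,;:!?)")
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()

def under(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(sender, text, contacts=frozenset()):
    """Return the warning signs present in one SMS, in checklist order."""
    hits = []
    if sender not in contacts:
        hits.append("unknown_sender")
    if PRIZE.search(text):
        hits.append("prize_lure")
    if URGENCY.search(text):
        hits.append("urgency")
    if LANGUAGE.search(text):
        hits.append("language_errors")
    hosts = [host_of(u) for u in URL.findall(text)]
    if hosts:
        hits.append("contains_link")
    for brand, domains in BRANDS.items():
        # A brand name in the text plus a link outside that brand's domains.
        if brand in text.lower() and any(not under(h, domains) for h in hosts):
            hits.append("brand_domain_mismatch")
    return hits

# Constructed sample messages (not the message from the screenshot).
SMISH = ("+61491570156", "Dear customer, your Apple ID is locked, confirm your "
         "informations within 24 hours: http://apple.com.verify-id.example/login apple inc")
LEGIT = ("Apple", "Your Apple order has shipped. Track it at "
         "https://www.apple.com/shop/order/list")
```

The constructed lure puts `apple.com` at the front of its hostname, which is why the check compares the end of the hostname against the allowlist rather than searching for the brand anywhere in the link.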
What is needed to combat the scammers is a proactive approach to mobile phishing. FraudWatch International security analysts actively monitor the internet for the purpose of gathering intelligence, understanding patterns of behaviour, and identifying current and future attack trends. We use all this information to support our primary objective of protecting client brands and we also share it with the broader community through articles like this.