Phishing attacks now target smartphone users, security experts say

Businesses and entrepreneurs must be careful about using social networking applications on smartphones and beware of phishing attacks designed to steal private information, security experts have warned.

The comments come as Symantec’s security team has recorded a number of new targets used by phishing scams in order to steal credit card numbers and client information, such as blogs and video games.

The company wrote in a blog post internet users should be aware of the increased use of phishing attacks on smartphones, with scammers using fake social network applications to lure in unsuspecting visitors.

“Over the past year, the popularity of applications on social networking websites has increased dramatically. This has led to a new wave of phishing attacks targeting the users of these applications, promoting attractive offers to lure potential victims,” Matthew Maniyara wrote.

The post comes after social networks Facebook and Twitter have noted a number of new phishing attacks emulating actual websites, however, mobile applications used for phishing purposes are not so popular.

“Due to the rise in the number of users accessing the internet through smartphones, social networking websites have expanded their services on smart phones, including messaging, chatting, photo viewing, etc.”

“This increase in users has opened more doors to attackers because there are now more potential victims. Hence, attackers have created phishing websites on social networking brands claiming to provide these services on smartphones.”

Phishing works by creating a fake application or website which looks similar to the original, such as Facebook. The scam depends on users not noticing any small differences and then inputting their login details.

Gordon Maddern, senior security consultant at Pure Hacking in Sydney, says the use of smartphones is not going to decline and that users must become savvy about identifying potential threats, not depending on them to disappear.

“Absolutely these attacks will not go away. Their success depends on the user’s faults. The idea is to trick people, and as long as they are tricked… you will have your information being stored somewhere.”

Maddern says smartphone users must learn to identify fake applications, which could even be contained in email attachments.

“Basically, make sure what you’re using is from a trusted source. Make sure it’s a signed application with a certificate of authenticity on there. Look for anything suspicious, such as poor design, errors on the page, but the main thing is looking at that little padlock symbol in the address bar. Make sure that SSL certificate is valid.”

Meanwhile, Maniyara said users should beware of new target used by phishing scammers, including blogs and even games.

“Phishing websites that attacked blogging in social networking comprised 23% of all targeted applications. Various attractive blog topics are used in the login pages of the phishing site as a means of tricking end users. Pornographic material is one of the most common topics observed in these phishing attempts.”

“Gaming applications in social networking generally require various kinds of credit points to progress to higher levels of the game. Some of these credit points typically require online payment. The phishing websites trick users by providing fake offers of free credit points on these gaming applications.”

Maniyara said users should refrain from clicking on suspicious links, check URLs to make sure they belong to a brand such as “Facebook” or “Twitter”, type the domain name of a site you intend to visit rather than click links, and frequently update security software.

COMMENTS