Mobile devices have taken an essential role in the portable computer
world. Portability, small screen size, and lower cost of production make these
devices popular replacements for desktop and laptop computers for many daily
tasks, such as surfing on the Internet, playing games, and shopping online. The
popularity of mobile devices such as tablets and smart phones has made them a
frequent target of traditional web-based attacks, especially phishing. Mobile
device-based phishing takes its share of the pie to trick users into entering
their credentials in fake websites or fake mobile applications. This paper
discusses various phishing attacks using mobile devices followed by some
discussion on countermeasures. The discussion is intended to bring more awareness
to emerging mobile device-based phishing attacks.
References
[1]
CAPEC-164: Mobile Phishing. https://capec.mitre.org/data/definitions/164.html
[2]
Ashford, W. (2014) Phishing Attacks Track Mobile Adoption, Research Shows. http://www.computerweekly.com/news/2240215873/Phishing-attacks-track-mobile-adoption-research-shows
[3]
Kessem, L. (2012) Rogue Mobile Apps, Phishing, Malware and Fraud. https://blogs.rsa.com/rogue-mobile-apps-phishing-malware-and-fraud
[4]
Klein, A. (2010) The Golden Hour of Phishing Attacks. http://www.trusteer.com/blog/golden-hour-phishing-attacks
[5]
Symantec Internet Security Threat Report 2014, Vol. 19. http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_v19_21291018.en-us.pdf
[6]
Todorova, A. (2010) “Phishing” Scams Cast Net on Mobile Banking. http://online.wsj.com/news/articles/SB10001424052748704343104575033380555965818
Morrison, D. (2010) Mobile Phishing Highlights Need for Greater Security. http://www.cutimes.com/2010/01/20/mobile
[9]
Jevan, D. (2012) Latest Threats against Mobile Devices. Information Systems Security Association. http://sfbay.issa.org/comm/presentations/2014/ISSA%20Marble%20Security_2014_0114.pptx
[10]
Wilson, S. (2014). Smishing, Yes It Is All Bad. http://www.zcorum.com/smishing-yes-its-all-bad/
[11]
Foozy, C.F.M., Ahmad, R. and Abdollah, M.F. (2013) Phishing Detection Taxonomy for Mobile Device. International Journal of Computer Science, 10, 338-344.
[12]
(2014) Hackers Target Wi-Fi Hotspots in New Phishing Attack. https://johnib.wordpress.com/2007/05/06/hackers-target-wi-fi-hotspots-in-new-phishing-attack
[13]
Johnston, S. (2013) How to Protect Yourself from Smishing and Vishing. http://money.usnews.com/money/personal-finance/articles/2013/09/19/how-to-protect-yourself-from-smishing-and-vishing
[14]
Yoon, J.W., et al. (2010) Hybrid Spam Filtering for Mobile Communication. Computers & Security, 29, 446-459. http://dx.doi.org/10.1016/j.cose.2009.11.003
[15]
Mahmoud, T.M. and Mahfouz, A.M. (2012) SMS Spam Filtering Technique Based on Artificial Immune System. International Journal of Computer Science, 9, 589-597.
[16]
Zhang, Y., Hong, J. and Cranor, L. (2007) Cantina: A Content-Based Approach to Detecting Phishing Web Sites. Proceedings of the 16th International Conference on World Wide Web, Banff, May, 639-648. http://dx.doi.org/10.1145/1242572.1242659
[17]
Sheng, S., Wardman, B., Warner, G., Cranor, L., Hong, J. and Zhang, C. (2009) An Empirical Analysis of Phishing Blacklists. 6th Annual Conference on Email and AntiSpam (CEAS), Mountain View.
