
Phishing Attacks Are on The Rise For Mobile Users

Image by Anastasia Gepp from Pixabay

The Merriam-Webster dictionary defines phishing as follows: ‘… A scam by which an Internet user is duped (as by a deceptive email message) into revealing personal or confidential information which the scammer can use illicitly.’ Phishing is ubiquitous; crafty con artists are continually conjuring up sophisticated scams to deceive unsuspecting users into revealing personal, sensitive information. Most of the time, phishing scams involve online banking, money transfer services, or cryptocurrency-related operations. By imitating authentic websites, SMEs, and individuals, phishing scams are designed to trick you into revealing personal information, thereby compromising the integrity of your ID and accounts.

One way to guard against mobile phishing attacks is a comprehensive website safety check which automatically tests a specific URL, IP address, or website for security. You simply input the IP or URL of the site and perform an instant web security check. If the URL is safe to access, it will be listed in green and marked accordingly. If it is unsafe, a warning is issued, and the URL is marked as unsafe. This is the easiest possible way to prevent a phishing attack from a URL, website, or link that looks legitimate on your mobile phone.

Free $100 Amazon Gift Card from Dridex?

During 2020, a glut of phishing scams on mobile hit the scene. One such scam involved Amazon Gift Cards, delivered courtesy of Dridex. According to tech aficionados, the Amazon Gift Card Scam sends hapless victims an email claiming to deliver a gift from the iconic e-commerce brand. The gift includes a $100 Amazon gift card as a token of appreciation. Excited users then proceed to download the gift card, which ultimately delivers nothing more than a Trojan virus.

Several delivery vectors are available through this particular phishing scam: a screensaver file, which bypasses email filters; an infected Word document, which asks users to enable the embedded macros; and a simple VBScript file, delivered courtesy of a malicious link in the email. These three channels used by Dridex have proven to be exceptionally effective at delivering bolus after bolus of viral content to users. This banking Trojan (malware) exploded onto the scene in 2012, and has remained active ever since.
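The three delivery vectors above can be screened for at the mail gateway or in a triage script. The following is an added example, not part of the original article: it flags attachments and links whose final file extension matches one of the vectors. The extension mapping, the function names, and the sample message are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage
from email import message_from_string
from pathlib import PurePosixPath
from urllib.parse import urlparse

# Assumed extension-to-vector mapping; the article names the vectors, not the extensions.
VECTORS = {
    ".scr": "screensaver file",
    ".doc": "Word document (may carry macros)",
    ".docm": "Word document (macro-enabled)",
    ".vbs": "VBScript file",
}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def vector_for(name):
    """Label a file name by its final extension, so 'card.pdf.scr' counts as .scr."""
    return VECTORS.get(PurePosixPath(name.strip().lower()).suffix)

def triage(raw):
    """Return sorted (source, name, vector) findings for one raw email message."""
    findings = set()
    for part in message_from_string(raw).walk():
        fname = part.get_filename()
        if fname and vector_for(fname):
            findings.add(("attachment", fname, vector_for(fname)))
        elif part.get_content_maintype() == "text":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            for url in URL_RE.findall(body):
                if vector_for(urlparse(url).path):
                    findings.add(("link", url, vector_for(urlparse(url).path)))
    return sorted(findings)

def sample_message():
    """Constructed test message: one lure link, one risky and one benign attachment."""
    m = EmailMessage()
    m["Subject"] = "Your gift card"
    m.set_content("Claim it here: http://example.invalid/gift/card.vbs\n")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                     filename="giftcard.pdf.scr")
    m.add_attachment(b"%PDF", maintype="application", subtype="pdf",
                     filename="receipt.pdf")
    return m.as_string()

if __name__ == "__main__":
    for finding in triage(sample_message()):
        print(finding)
```

Matching on the final extension catches double-extension names such as `giftcard.pdf.scr`; it does not inspect file contents, so a renamed file would need content-based scanning.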

Internet security consultants caution against opening up suspicious links, particularly email links from unknown users, or from anyone promising ‘clickable and downloadable’ free gifts, at any time. One of the tell-tale signs of a phishing scam which purports to come from a reputable source is the text, imaging, and URLs of the content itself. If anything is amiss, or out of the ordinary, stop and check yourself before you wreck yourself. Any time personal, sensitive information is required from an unknown source, it’s likely a phishing scam.

Vaccine Procurement & Distribution Chains Suffer from Phishing Attacks 

Few people could think of anything more reprehensible or repugnant than a phishing attack on a charitable vaccine project. But that’s precisely what took place in December 2020. Cybercriminals will stop at nothing in their attempts at defrauding unsuspecting victims. Clearly, they have no morals and ethics, or they wouldn’t be doing what they’re doing. Recently, the IBM Security X-Force uncovered a heinous plot which was targeting companies throughout Asia and Europe. The fraudsters pose as executives from China in the cold-chain logistics industry. Since vaccines typically require subzero temperatures for storage purposes, this sophisticated phishing scam has already proven highly effective.

The attackers are causing major disruptions to the supply chain, via the logistics network. The scam targets high-ranking members of companies, including those responsible for the procurement of vaccines and their distribution. The email, purportedly from China’s Haier Biomedical, installs malware as soon as the attached document is opened. While seemingly legit, the email requests are completely fraudulent, and not in any way associated with the World Health Organization, the Bill and Melinda Gates Foundation, or the World Bank. The high-level targets for this phishing scam are largely SMEs across Southeast Asia in countries like Singapore, Taiwan, and South Korea, and in European nations such as Belgium, Germany, Italy, and the Czech Republic.

How Rampant Is Mobile Phishing?

In 2017, mobile phishing attacks grew at a staggering rate of 65%. They have not slowed down since. In 2020, hundreds of thousands of subscribers of Ledger (a cryptocurrency storage wallet) were attacked via mobile text messages and email. Mobile users typically have two weaknesses against phishing attacks. The first arises when these devices are used outside of the corporate network: phishing attacks that occur on these devices are much more likely to succeed, given the lack of business network-backed security protocols. The other security gap occurs via SMS messages, which are divorced entirely from email service. Employees, managers, and executives can easily mistake a phishing text message for the Real McCoy, and accidentally click on it.

Mobile phishing is particularly devastating when it occurs over social media, such as WhatsApp. Various malicious apps are duping scores of unsuspecting users. If you download these apps from platforms other than the Google Play Store or the App Store, they may not be fully vetted for safety and security purposes. WhatsApp is particularly vulnerable to phishing, which is known as Whishing in WhatsApp parlance. Other malicious apps target mobile devices once they have been downloaded onto them. They all work the same way to steal, defraud, and attack your mobile device. Any time a user is directed away from an official download app store to an unofficial one, the potential for phishing attacks grows.

Social media platforms including Instagram, LinkedIn, Facebook, and Twitter are common venues for these attacks. Since so many users access social media from mobile phones, there has been a marked rise in phishing on mobile in recent years.