The number of phishing attacks on mobile devices is increasing as adoption of internet-connected mobile devices and services continues to grow, Microsoft research has revealed.
Microsoft gets information about phishing sites and phishing attempts from users who enable the Phishing Filter or SmartScreen Filter in Internet Explorer.
“This data provides valuable insights into one of the ways attackers are trying to take advantage of the rapidly growing number of mobile devices coming online,” he wrote in a blog post.
Microsoft phishing-related links
- Phishing Financial Institutions & Social Networks
- Phishing: Frequently asked questions
- How to recognize phishing email messages, links, or phone calls
- Enable or disable links and functionality in phishing email messages
- Safe browsing guidance
- Protecting the people in your organisation
- Guarding Against Email Threats
Historically, phishing attacks have tended to target financial institutions and social networks more than other types of sites, said Rains.
But analysis of the data shows that in January 2013, attackers also begun targeting online services, with the volume of both phishing attempts and phishing sites more than doubling in the first half of 2013.
Across PCs and mobile devices, the number of active phishing sites that targeted online services increased steadily throughout the first half of 2013, from 15.4% of all phishing sites in January to 33.8% in June.
Attempted attacks increased commensurately, from 8.7% of all attempted attacks in January to 20.1% in June.
But looking at the mobile data alone reveals that the popularity of social networking activity on mobile platforms is reflected in the phishing attempts reported by devices running Windows Phone 8.
The data shows that phishing sites that targeted social networking sites were responsible for more than three times as many mobile attempted attacks as all other phishing sites combined for most months in the first half of 2013.
more about phishing attacks
- Anti-phishing vital in Scada protection, says expert
- Phishing attacks cast wider nets in businesses
- Black Hat 2012: Phishing and social engineering penetration testing
- Don’t get spiked by a spear phisher
- Mitigate phishing attacks in the cloud: A how-to
The number of social networking impressions remained high throughout the period, even as the number of unique phishing URLs that targeted social networks declined by more than half between January and June.
The number of phishing sites targeting online services being accessed by mobile users increased significantly between March and June.
“Phishers generally don’t care what browser, operating system, or mobile device potential victims are using,” said Rains.
“Anyone who surfs the web and/or sends and receives email should be on guard for phishing attacks,” he said.
Standard advice by Microsoft on how to avoid phishing attacks includes:
- Not clicking on links in email messages
- Typing addresses directly into a browser or using bookmarks
- Checking a site's security certificate before entering personal or financial information into a website
- Not entering personal or financial information in pop-up windows
- Keeping computer software current with the latest security updates.