Phishing attacks track mobile adoption, research shows

Phishing attacks on mobile devices are increasing as adoption of internet-connected mobile devices and services grows

The number of phishing attacks on mobile devices is increasing as adoption of internet-connected mobile devices and services continues to grow, Microsoft research has revealed.

The number of unique phishing sites blocked on Windows Phone 8 devices more than doubled from February to June 2013, analysis of data in volume 15 of the Microsoft Security Intelligence Report shows.

Microsoft gets information about phishing sites and phishing attempts from users who enable the Phishing Filter or SmartScreen Filter in Internet Explorer.

“For the first time ever the report contains data on phishing attacks and sites encountered by Windows Phone 8 mobile devices,” said Tim Rains, director of Trustworthy Computing at Microsoft.

“This data provides valuable insights into one of the ways attackers are trying to take advantage of the rapidly growing number of mobile devices coming online,” he wrote in a blog post.

Historically, phishing attacks have tended to target financial institutions and social networks more than other types of sites, said Rains.

But analysis of the data shows that in January 2013, attackers also begun targeting online services, with the volume of both phishing attempts and phishing sites more than doubling in the first half of 2013.

Across PCs and mobile devices, the number of active phishing sites that targeted online services increased steadily throughout the first half of 2013, from 15.4% of all phishing sites in January to 33.8% in June.

Attempted attacks increased commensurately, from 8.7% of all attempted attacks in January to 20.1% in June. 

But looking at the mobile data alone reveals that the popularity of social networking activity on mobile platforms is reflected in the phishing attempts reported by devices running Windows Phone 8.

The data shows that phishing sites that targeted social networking sites were responsible for more than three times as many mobile attempted attacks as all other phishing sites combined for most months in the first half of 2013.

The number of social networking impressions remained high throughout the period, even as the number of unique phishing URLs that targeted social networks declined by more than half between January and June.

The number of phishing sites targeting online services being accessed by mobile users increased significantly between March and June.

“Phishers generally don’t care what browser, operating system, or mobile device potential victims are using,” said Rains.

“Anyone who surfs the web and/or sends and receives email should be on guard for phishing attacks,” he said.

Standard advice by Microsoft on how to avoid phishing attacks includes:

  • Not clicking on links in email messages
  • Typing addresses directly into a browser or using bookmarks
  • Checking a site's security certificate before entering personal or financial information into a website
  • Not entering personal or financial information in pop-up windows
  • Keeping computer software current with the latest security updates.

Read more on Hackers and cybercrime prevention