Standing in 2018, one doesn’t need to re-iterate phishing and why it’s a threat to mobile users. Last year, phishing was the major news all over newspapers and TV channels involving security breaches at random. A market study shows how more than 8o percent of organizations have suffered phishing attacks, some of them weren’t even aware of it. So, wherein lay the problem? Why do we just give in to phishing pulling harm in our way all by ourselves? Let’s find out, nice and easy.
Https doesn’t mean trustworthy
In 2017, a large number of mobile phishing attacks were traced back to HTTPS sites which on an average is being created in a time span of less than two minutes, globally. With already thousands of phishing campaigns infecting the internet, there are countless measures for security which renders SSL certification to be the mark of a secure site. Now, you might not have heard about letsencrypt.org which makes it extremely easy to extract SSL certificate for the web pages, which in turn is a boon for cyber criminals.
Never miss to inspect URLs
A typical approach by a sophisticated phisher is to try and extract all personal data involving the victim to masquerade a phishing link appear as a URL that looks legit. What makes this method a rewarding phishing tactic is your smartphone, no matter how big is, has less screen space which obstructs full visibility of the link in the browser. Also, there are subdomains which are very tactfully named for instance like using foreign characters. Much before you know it, you have already clicked on the phishing link and have contributed to the heinous scheme that, is being played.
Oversharing is never a good idea
LEVEL 2017, which happens to be one of the biggest events targeted at mobile security saw Jamie Woodruff, an ethical hacker depicting how smooth it is for a phisher to go ahead with infiltrating just by collecting basic details via social media. Once a phisher manages to get his hands on your email id, half the job is done. A simple run and check across Facebook would further strengthen his method. In a recent incident of Trip Advisor phishing, a director of a large corporation was targeted following a tweet stating his hotel stay with name and location. The director received a string of phishing emails posing to be trip advisor and asking the person to leave a review of the place on the site with other details.
Don’t forget to check out our follow up story, where we mull over security tips to keep phishing scams at bay.