NEW YORK — The instant connectivity of e-mail on a mobile device can be a blessing and a curse, especially when it comes to visiting phony websites.
Trusteer recently gained access to the log files of several web servers that were hosting phishing websites. The company said its analysis of the log files provided visibility into how many users accessed the websites, when they visited them, whether they submitted their login information, and what devices they used to access the website.
The key findings from these logs:
1) Mobile users are the first to arrive.
2) Mobile users accessing phishing websites are three times more likely to submit their login info than desktop users.
3) Eight times more iPhone users accessed these phishing websites than BlackBerry users.
As soon as a phishing website is broadcast through fraudulent e-mail messages the first systems to visit it are typically mobile devices. Trusteer said this makes sense since mobile users are "always on" and are most likely to read e-mail messages as soon as they arrive. Meanwhile, desktop users only read messages when they have access to their computer. Another factor is most fraudulent e-mails call for immediate action. For example, they usually claim that suspicious activity has been detected in the user's account and that immediate action is required. Most victims who fall for this ploy will visit the phishing site quickly.
The first couple of hours in a phishing attack are critical, Trusteer explained. After that time, many attacks are blocked by phishing filters or taken down.
Most users who access phishing websites do not submit their personal information. Some submit fake information. However, compared with desktop users, mobile users are three times more likely to submit private information once they access a phishing website. Why do mobile users trust phishing websites more? One explanation Trusteer offered is it may be that it is more difficult to spot a phishing website on a mobile device than on a computer.
Trusteer's recommendations:
• To mobile users-never click on links in e-mail messages, since it is difficult to determine who sent the message, what the destination address is, and what consequences may occur (phishing, malware, scam, etc.)
• To financial institutions-when members or customers access a web application using a mobile device, present them with a noticeable welcome message that reminds them to:
• Never click on links in e-mail messages or on the web that claim to take them to the credit union's or bank's website.
• Always type the CU's/bank's address in their browser.
Download a secure mobile browser that can protect them against mobile threats.
