Are mobile devices to become the bastion of phishing identity theft attacks? That very well could be the case, according to a paper by UC Davis's Yuan Niu called iPhish: Phishing Vulnerabilities on Consumer Electronics. The researchers believed that the restricted presentation of information in smaller mobile and game system browsers makes it much easier to fool users into visiting phishing sites. This was confirmed by creating a fake Bank of America site that fooled iPhone Safari browser test users. Identity theft is a hot topic of the new book, Zero Day Threat, by USA Today reporters Byron Acohido and Jon Swartz. Their book explores how design decisions, such as this recently revealed flaw, get past corporate product makers and put their customers at risk of identity theft.
One of the best ways to prevent phishing attacks is to look at the URL where the link is taking you. If it contains an IP address, points to a site that doesn't match where you expect to go, or has the expected site's URL embedded in a link to another suspicious site, there's a good chance it's a phishing attack. At a minimum, you should be very suspicious and take extra precautions.
Mobile and smaller game system browsers don't have room to display long URLs, or they may not even show the URL to the user. That's a prime opportunity to throw in a funky URL that takes the user to some other site and gets them to enter their user ID, password or other personal information. The researchers recommend displaying URLs in ways that make them more phishing-resistant, or using a proxy server that could filter out phishing sites.
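The three URL checks described above, plus the effect of a narrow address bar, as an added example that is not from the original post or the iPhish paper. The function names, the `bank.example` domain and all sample URLs are constructed for illustration, and `visible_prefix` is a simplified model of a browser that shows only the start of the URL.

```python
import ipaddress
from urllib.parse import urlsplit, unquote


def is_ip_host(host):
    """True when the host is a literal IPv4/IPv6 address instead of a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def url_warnings(url, expected_domain):
    """Return warning labels for a link the user believes goes to expected_domain."""
    host = (urlsplit(url).hostname or "").lower()
    expected = expected_domain.lower()
    warnings = []
    if is_ip_host(host):
        # Check 1: the link goes to a bare IP address.
        warnings.append("ip-address-host")
    elif host != expected and not host.endswith("." + expected):
        # Check 2: the real host is not the expected site or a subdomain of it.
        warnings.append("unexpected-host")
    # Check 3: the expected name still appears somewhere in the link (userinfo,
    # a longer host name, path or query) although the real host is elsewhere.
    if warnings and expected in unquote(url).lower():
        warnings.append("expected-name-embedded")
    return warnings


def visible_prefix(url, width):
    """Simplified model (assumption): a small screen shows only the first `width` characters."""
    return url[:width]


# Constructed sample links; example.net and 192.0.2.10 are documentation-only values.
SAMPLES = [
    "https://www.bank.example/signin",
    "http://192.0.2.10/signin",
    "http://www.bank.example@192.0.2.10/",
    "http://www.bank.example.login.example.net/signin",
    "http://example.net/r?u=http%3A%2F%2Fwww.bank.example%2F",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(visible_prefix(link, 23).ljust(24), url_warnings(link, "bank.example"))
```

On a 23-character display the fourth link reads `http://www.bank.example`, which is why the check has to run on the full host name and not on what fits on screen.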
This is some very valuable research and I applaud the UC Davis team for their work. I also highly recommend Byron's and Jon's book.
Mitchell Ashley is principal consultant at Converging Network LLC where he provides product, technology and social media consulting to emerging technology companies. A successful CTO and product innovator, Mitchell has created many successful, award winning products in the networking, security, convergence, Internet and IT industries. In addition to blogging for NetworkWorld, Mitchell regularly blogs at TheConvergingNetwork and co-hosts the widely popular StillSecure After All These Years podcast.
The opinions expressed in this Weblog are those of the writer and may not represent the opinions of Network World.