The growth of mobile devices has increased the number of ways phishers can exploit unsuspecting users. More people than ever own a mobile device. People are on their phones all the time. You no longer only check your email from a computer. We read our inboxes on our phones and tablets every day. While mobile devices make the internet more accessible, they open up new opportunities for phishers and spammers. In fact, there are several reasons accessing emails from our phones can actually make it easier to fall for a phishing attack.
We Spend More Time on Mobile Devices
People are spending more time than ever on their mobile devices. Screen time for mobile devices has increased dramatically. The average U.S. adult is expected to spend almost 4 hours on their phone every day.
The reason is simple. We do more things on our phones now than we did on a desktop computer ten years ago. The speed and power of smartphones are helping them grow as users' preferred way to browse the web, shop, stream video, and do anything else you can think of doing on the internet. Not only is it more convenient to view a website on your phone, it is just as fast (you might even be reading this post on your phone). In fact, mobile devices are now responsible for over 50% of all web traffic.
What does all of this have to do with phishing? Well, phishers go where users go. If people are now spending more time on mobile devices, then phishers are going to target the devices that people are using more. This has led to the increase in mobile phishing attacks.
People Are Not Used to Mobile Phishing
People are getting a lot better at recognizing phishing emails. This is great news! We have come a long way from falling for emails filled with typos from Hotmail accounts. Raising awareness around phishing and the importance of basic security hygiene led to these changes.
Nevertheless, phishers are constantly changing their strategies. They are always working on new ways to improve the success rate of their attacks. When users catch on to their tactics, phishers switch them up.
While users are used to seeing phishing on their computers, most have not seen it on their mobile devices. Mobile devices are a new frontier for attackers and many users are not prepared. Simply put, people are more likely to fall for phishing attacks on mobile devices because they are not used to seeing phishing attacks on their phones.
Smaller Screens
Screen size matters. Mobile devices have much smaller screens than desktop computers and laptops. The smaller size can make it a lot more difficult to spot a phishing attack. Tiny screens make it trickier to read links and tell where they will take you. It is harder to spot a URL that uses a domain that looks similar to another domain. An example of this is the website ‘goog1e.com’, where the domain has a ‘1’ instead of an ‘l’. This is not the actual Google website, but on a small phone screen it could be a lot harder to notice. Phishers can trick mobile device users into clicking on fake links that look similar to real links by taking advantage of the smaller screen size.
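As an added example (not part of the original post), here is one way a mail or SMS filter could catch the ‘goog1e.com’ trick automatically instead of relying on eyesight. The trusted-domain list, the substitution table and the function names are assumptions made up for this sketch.

```python
from urllib.parse import urlsplit

# Constructed allowlist: domains this user actually does business with.
TRUSTED = {"google.com", "paypal.com", "amazon.com"}

# Hand-picked look-alike substitutions (illustrative, not exhaustive).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("1", "l"), ("0", "o"), ("5", "s"), ("3", "e")]

def host_of(url):
    """Lowercase hostname of a URL, with any leading 'www.' removed."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def registrable(host):
    # Assumption: the last two labels are the registrable domain
    # (not true for suffixes such as co.uk; a real tool would use the PSL).
    return ".".join(host.split(".")[-2:])

def skeleton(domain):
    """Collapse look-alike characters so 'goog1e.com' and 'google.com' match."""
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return (verdict, matched_trusted_domain) for the link's real destination."""
    dom = registrable(host_of(url))
    if dom in TRUSTED:
        return "trusted", dom
    for good in sorted(TRUSTED):
        if skeleton(dom) == skeleton(good) or edit_distance(dom, good) == 1:
            return "lookalike", good
    return "unknown", None

if __name__ == "__main__":
    for link in ["https://www.google.com/", "http://goog1e.com/login", "example.org"]:
        print(link, "->", classify(link))
```

A "lookalike" verdict is a reason to block or warn; "unknown" only means the domain is not on the list, not that it is safe.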
No Hovering on Links
Hovering over links lets users see where the link leads to without having to click on it. A cautious user can inspect a link without clicking and putting themselves at risk. This is a good practice and a safer alternative to clicking on the URL to find out where it leads. If you are going to click on a link, it is encouraged to hover over the hyperlinked text to make sure you are being taken to a legit website.
Mobile devices do not have the ability to hover over links like on a desktop computer. Users of mobile devices cannot inspect where a link takes them without first clicking on it. This puts mobile users at a huge disadvantage. Their only way of finding out if a link is legit is to click on it. This is unsafe because that link could take the user to a phishing page or download a virus.
Mobile Users Click on Everything
People on mobile devices are trigger-happy when it comes to clicking on links, myself included. The internet has trained us to be this way. Websites are full of pop-up boxes and ads begging for our clicks. Twitter users ask us to click on links to their content from other websites. Instagram promoters want us to click links in their bio to view promos. Apps send out push notifications to get us to engage with their service by clicking the banner on our home screens.
We as internet users are so used to clicking on everything in front of us (often without reading it first) that we don’t stop to think before clicking on links in phishing attacks. Phishers target people on their phones and expect them to click more generously than on desktop. Users don’t think twice about clicking a link in a text or email on their phone. Mobile users are less cautious and aware of phishing than desktop users.
Mobile Phishing with Text Messages
Attackers are always trying new attack methods. Recently, phishers began sending out phishing links with text messages. This is a new way that scammers approach their targets. Most people have not seen phishing attempts outside of emails. Catching users off guard is good for phishers because users will be more likely to take the bait. Text messages are effective for phishing because people have not seen phishing messages in a text before. The element of surprise is not the only leverage attackers have when they use text. Mobile users have fewer ways of deciding if a text is real or not.
Unsaved Phone Numbers
A good way to spot a phishing email is to look at the sender’s email address. A wary user will check the email address of a message before clicking. They are going to make sure the email is from an official company email address. The point is to check that the email really came from the company it claims to be from.
On mobile devices, users don’t have this luxury with texts. You cannot quickly look at a phone number and tell what company it came from without looking it up. Even then, a lot of companies use automated text message services and the phone numbers are not posted on their website.
Most people don’t have phone numbers saved for companies that send them messages. Think about it. When a service sends you a two-factor authentication code or an order confirmation over text, you probably do not have that number saved. This is the case for most people. What does this mean? Mobile users are used to receiving messages from numbers they don’t have saved.
Phishers can send messages over text and people will not be suspicious of the fact that the text came from an unknown number. Users receive texts from unknown numbers all the time. Mobile users will be more likely to fall for a phishing scam over text because it is more difficult to verify who it came from compared to email.
Mobile Phishing Isn’t Going Away
Many people think that phishing only happens on email and that it could never come in the form of a text. This is not true. Phishing attacks can happen anywhere. Email and text are the most common places for phishing. However, phishing can also happen over the phone, on chat apps like Telegram, Discord, Slack, WeChat, or Facebook Messenger, on social media, and in many other places. The opportunity for phishers is expanding rapidly as mobile devices let us become even more connected. Phishing is no longer isolated to desktop emails. Mobile phishing is here to stay and will not be going away any time soon. Mobile users need to be aware that phishing happens on their platform too, and they need to take the same precautions on their phone as on a desktop.
Protect Yourself From Phishing Texts
Dont Text is a free iOS app for blocking spam texts. Dont Text allows you to protect your phone from spam and phishing texts. Download Dont Text and in seconds you can block annoying, pesky spam texts and shield your phone from mobile phishing attacks.