What types are there
Phishing attacks on mobile phones do not arrive through a single channel, nor are they of one specific type. As you will see, there are several methods that cybercriminals can use. All of them aim at stealing passwords and personal information, but they differ from one another and in the way they are executed.
SMS or Smishing
The first, and one of the most common on mobile phones, is SMS phishing, also known as smishing. In this case, the attacker sends a text message to the victim’s mobile and tries to get them to click on a link, which is how the attack is carried out.
A clear example is a phishing attack that arrives by SMS and pretends to be from a bank. The message asks us to log in to solve a problem, for example, but it is actually a scam. By clicking on the link we end up on a page that is a copy of the original, and everything we submit goes to a server controlled by the attackers.
It is also very common to receive an SMS telling us that a package a certain transport company was going to deliver could not be delivered. This increases especially at times like Christmas. It works exactly like the bank phishing case and also seeks to steal personal data and passwords.
By email
The classic type of phishing arrives by email. This is not exclusive to mobile, of course, but the fact that we use these devices more makes it more dangerous. Any email we receive can be opened directly on the phone, and it is precisely on this type of device that we are most likely to make mistakes.
If we receive an email and read it on mobile, we are more likely to end up clicking on a fraudulent link than if we open it on a computer, where we are more careful and can also identify fraud more easily. That gives hackers a good opportunity, and it is a method that, together with SMS, is very common.
In the email message they can use any strategy. For example, they may tell us that there is a problem with a social network account, such as Facebook or Twitter, and that we have to log in with our details. Or they may claim some failure with the email account itself or with any other online service.
Spear Phishing and Angler Phishing
Phishing attacks are usually generic. That is, we receive an email or an SMS that is not really addressed to us, with a greeting along the lines of “dear user”. Although that alone already gives them a significant chance of success, the chance is even higher when they send more personalized attacks.
That is what Spear Phishing does. It is basically an attack like the previous ones, but addressed to the victim by name. The SMS or email is more personal, so attackers have a greater chance of success. After all, a person is more likely to open a link if the message they received is addressed to them by name.
Angler Phishing goes one step further. The attackers not only address the phishing attack to the victim by name, but also build a very well-orchestrated attack. In this case they gather information mainly through social media. For example, they find out where the victim works, where they study, what interests they have… Based on all this, they build a profile of the victim and learn how they are most likely to fall into the trap.
Vishing
A type of mobile phishing that has also grown a lot in recent years is what is known as Vishing. In this case it is not a text but a phone call. Using their voice, the attacker pretends to be someone they are not, with the aim of making the victim hand over their data and fall into the trap.
For example, the attacker could pose as an employee of a bank where the victim has an account. They tell you that there is an error with your account and that they need some information. They may even tell you there has been an attack on your bank account and that they need to fix it so your money is not stolen, but that in order to fix it they have to log in with your password.
The victim, nervous at the thought that their account could be compromised, trusts the call and provides the information the attacker requests. This sometimes includes two-step authentication codes, so the cybercriminal will have full control over the account.
QRishing
Surely at some point you have gone to a restaurant and viewed the menu on your mobile with the QR reader, or done the same when visiting a monument or any place with an information panel. It works simply: you use the mobile camera and an application to read a code that takes you to a web page.
What the attacker does is modify that QR code. The code looks legitimate, but in reality it sends the victim to a fake page that steals personal data and passwords. These codes can be placed in a restaurant, at a monument or anywhere a legitimate one should be.
How to avoid these attacks
As you have seen, there are different phishing attacks that can affect a mobile. They can steal your passwords or personal data through different methods. That is why it is essential to be protected and avoid falling victim to this problem. Here is a series of essential tips.
Common sense
Without a doubt, the most important thing for avoiding phishing on mobile phones is common sense. It is essential not to make mistakes that can affect us. For example, take a good look at where we click, which SMS or email we have received, where we open a QR code, etc. Hackers generally need us to make a mistake, and in the case of phishing that mistake is essential.
Therefore, if you avoid errors and browse the Internet carefully, observing the URLs of the pages you visit and of the links you open from an SMS, you will avoid falling into the trap. Observation is essential here, so you must be alert at all times and notice any indication that something strange is going on. And whenever in doubt, it is better not to open the link.
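The URL inspection recommended above can be written down as explicit checks. The following is an added example, not part of the original article: the trusted domains, the sample links and the warning names are constructed for illustration, and the domain extraction is deliberately naive.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allow-list (assumption): domains the user really has accounts with.
TRUSTED = {"bank.example", "parcel.example"}

def registered_domain(host):
    """Naive last-two-labels domain; a real tool would use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])

def link_warnings(url):
    """Return the reasons a link from an SMS, e-mail or QR code deserves suspicion."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    if parts.username is not None:
        # Text before '@' is not the site: https://bank.example@other-host/
        warnings.append("userinfo-before-host")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode-host")  # may render as look-alike characters
    try:
        ipaddress.ip_address(host)
        warnings.append("ip-address-host")
    except ValueError:
        pass  # host is a name, not a bare IP address
    if registered_domain(host) not in TRUSTED:
        warnings.append("untrusted-domain")
        # Trusted name used as a subdomain of someone else's domain
        if any(name in host for name in TRUSTED):
            warnings.append("trusted-name-in-other-domain")
    return warnings

if __name__ == "__main__":
    # Constructed sample links, using reserved example domains and addresses
    for sample in (
        "https://www.bank.example/login",
        "http://bank.example.secure-login.test/verify",
        "https://bank.example@203.0.113.7/login",
    ):
        print(sample, link_warnings(sample))
```

An empty list only means none of these specific signs were found; it does not prove the page is genuine.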
Protect your mobile
Of course, another important tip is to protect the mobile phone properly. This will help you detect possible threats that arrive by email or SMS, or when you have mistakenly fallen into the trap and downloaded a malicious file that you thought was a legitimate document.
A good antivirus will help you stay better protected. There are many options, both free and paid. However, we always recommend that you download them from official stores, such as Google Play, carefully review the comments from other users, and do not install an insecure application.
Activate two-step authentication
Mobile phishing attacks are usually aimed at stealing passwords. What is the best barrier against problems even if the attacker knows the password? Without a doubt, two-step authentication. It is an extra security barrier that forces the attacker to complete a second step to get in, usually a code that we receive by SMS, email or an application.
This allows us to protect our accounts further. We will be better prepared to deal with a phishing attack, and it gives us room to change the password before the attacker can enter the account and steal information or act on our behalf.
In short, phishing attacks on mobile phones are a major problem for which we must be prepared at all times. We have covered the different types of attack that can affect us when using a mobile and compromise privacy and security, as well as a series of tips to prevent security problems of this type.