Mobile devices are making us dumber – at least when it comes to security, according to research conducted by security firm Trusteer. Research published by the company found that smartphone and computer tablet users are three times more
susceptible to email phishing scams than traditional PC and laptop users.
Trusteer said a study it conducted of the log files of a number of servers known to be hosting phishing Web sites showed that users of mobile
devices were among the first to access phishing sites. They were also three
times more likely to submit log in information than PC and laptop users. And iPhone
users submitted their log in information eight times as often as Blackberry
users.
Trusteer arrived at that conclusion after comparing entries in the log files, which contained information on who accessed
the sites, when they accessed them, the specific devices being used to access
the sites, and whether or not a user submitted log in information to the site.
Trusteer said that it’s no surprise that users of ‘always on’ mobile devices were among the first to surf over to phishing Web sites.
As for why mobile device users are three times as likely to
submit their log in information, Trusteer concluded that it is more difficult to
identify fraudulent websites on a mobile device than on traditional desktop and laptop computers, many of which are now outfitted with anti-phishing programs. Blackberry and an iPhone users who visited phishing sites were much less likely detect them than their laptop and desktop using brethren. Part of the problem in identifying mobile devices may stem from their relatively small screen size. In HTML, when a link is embedded in HREF (hypertext reference) format, hovering
over it will reveal the entire link. If a link is long enough, it will appear
in a truncated format on an iPhone or Blackberry. So when a user hovers over it
with the cursor, only the beginning of the link needs to look legitimate,
because that is all a user will see.
Trusteer found the difference in effectiveness between the iPhone
and Blackberry negligible in detecting phishing websites, though the link between Blackberries and business use may make users of that device more cautious about visiting suspicious sites or entering their login-in credentials to such sites.
Trusteer recommends that mobile users avoid clicking on
links in emails since it is difficult to determine for certain who the message
is from, where the link goes, and what the consequence of clicking on it may
be. Furthermore, they recommend that banks should inform consumers about the
danger and prevalence of phishing scams directed toward mobile device users.
