Correlation
So there's a correlation between people who pay £70 a month for a mobile phone and people who trustingly give their details to criminals? Goodness me.
Mobile users are three times more likely to respond to phishing scams than their PC-using counterparts, according to stats prised from fraudulent websites. An analysis of logs from several phishing websites by transaction security firm Trusteer revealed that not only were they among the first visitors to arrive at a phishing …
I think the "8 times more likely" figure might be a bit skewed. Has this company taken into account mobile market share? Perhaps weight the percent of visitors using X OS by their reported percentile of online traffic?
Example (using made up numbers):
If iPhones contribute 40% of a mobile website's traffic, and BB only 10%, there's a 4-to-1 right there. So an 8-to-1 (8 times) visitor rate of iPhone to BB is actually only 2x as likely. Did these "researchers" actually provide such weights to their figures, or did they just assume that they sent phishes to exactly the same number of BB vs iPhone users and counted who visited...?
Absolutely. Having spent years educating friends and family on how to spot fraudulent e-mail in desktop and web applications, last year I got an iPad and was absolutely horrified at how the e-mail application renders messages. Masked URLs hidden from view, all-or-nothing rendering of remote images, suppression of e-mail addresses in favour of displaying only the "real" name, and -- perhaps inevitably -- full HTML rendering with no plain-text option.
At one point I had two e-mails in my Inbox, one from my bank and another from a phisher pretending to be my bank by pulling in graphics from the legitimate bank site. On the iPad it was literally impossible to tell them apart with a passive read. The only way to check the legitimacy of a link was to click-and-hold until the Cut / Paste menu appeared and displayed a miniature copy of the actual destination URL. But why would you even do that unless you were already suspicious?
Given how the iPad was being lauded at the time for its accessibility, ease of use and appeal to those folk not inclined towards using more traditional IT gear, I was very concerned by the potential of its e-mail rendering to confuse the ignorant and naive. It's sad to say, but from this article it seems my concerns were not unfounded.
It's such a pity. iOS as a platform is probably one of the safest ways for the technically non-savvy to browse the sometimes murky waters of the Web. The browser and applications are sandboxed, the operating system itself reasonably resilient to attack. Iffy websites that would bring down or compromise an unprotected Windows box will do very little if browsed upon by mobile Safari.
And yet the weakest part of any security chain -- the user -- is rendered even weaker by Apple's choice to keep everything as simple as possible in the e-mail app and not permit customisation of the rendering. By doing so they've hidden from view any useful clues that what the user is looking at might not be what it seems.
If the iPad and future iOS devices continue to grow in popularity I can foresee a decline in the sort of phishing e-mails designed to make the user browse to malware-laden sites, and a return to the more traditional methods of simple social engineering. Why bother trying to compromise machines into revealing useful information, when it's easier than ever to fool the users into doing the exact same thing?
Yep, 'twas the home of online security and PINSentry, Barclays. I told them in a strongly worded e-mail why sending out official bank correspondence by e-mail complete with clickable links was a Very Bad Idea. I may even have mentioned the iPad scenario above. An awful lot of other customers took the opportunity to vent as well, if their PR people are to be believed.
And to be fair they did get someone to phone me back and apologise. As with so many things these days they claimed it was someone in corporate communications getting a bit trigger happy and not running things past the IT guys. Apparently those IT guys were not happy with the flak it generated, nor with the sudden flow of PR people coming to them with technical questions raised by concerned customers.
I'm surprised the incident didn't make it to El Reg to be honest, although I chose not to report it as they'd had the decency to apologise and did genuinely appear to be upset with the idiots who'd sent out the e-mails. Perhaps other customers felt the same way and gave them the benefit of the doubt.
It was a one-off and hasn't happened since.
The ultimate irony is that the e-mail in question was encouraging me to sign up for Online Banking. Which is odd, because the only reason they had an e-mail address for me in the first place was because I already had an Online Banking account.
I received a mailshot about an interesting Barclays promotional offer. Unsure if it was genuine, I emailed the Barclays customer email contact to confirm they had sent it. Their response was that they couldn't answer my question as their policy is not to discuss sensitive information by email...
"also found that eight times more iPhone users than BlackBerry users visited dodgy websites."
That's simply because unlike a BlackBerry, with the iPhone you actually can browse the net!!
Also this data is rubbish, to suggest a lesser intelligent set of people use iPhones is crazy, I think it's simply down to the fact that Apple own consumer market share so really you could assume anything from said apple-fanbois..
I suspect that "That's simply because unlike a BlackBerry, with the iPhone you actually can browse the net!!" was the AC's explanation of why his claim can be seen to potentially have objective validity.
Alternatively, see the NetApplications report for December (http://www.netmarketshare.com/operating-system-market-share.aspx?qprid=8) — iOS browser share is 1.69%, BlackBerry is 0.13%. So if the statistic were 'user of an iOS device' (rather than explicitly an iPhone) versus 'user of a BlackBerry', you'd expect to see exactly 13 times as many of the former falling for scams, all other things being equal.
It also might have to do with the gobsmackingly insane sales strategy of suggesting that Apple is virus free. (Anyone heard this shit in a store?) It literally promotes lax security, and the haughty and cavalier attitude towards safety is jaw dropping. The keys to the castle are not on a device. They are the accounts.
No surprise that with more market share Apple joins the fun and games they have mocked for so long. Lock up the front gate with a UNIX based OS? Fine, the criminals will come around the back...
What is not "suspected" as a reason why BlackBerrys are less likely to go to a phishing site is that perhaps people don't like logging on to their bank from a corporate phone and incurring the "you used your corporate device for personal use and we pay for that data" wrath of IT. And getting the email on BlackBerry, then waiting until you get to a computer may be too long a delay as the article suggests.
I think it could be down to a point noted in the article where they state the URL is not as easily shown. Considering on a full fat PC of choice the URL bar is always present and you can easily investigate the URL if you are suspicious. Not so on my Android where I have to scroll back to the top of the page if I fail to see the URL while it is loading.
Aren't they the folks behind Rapport - that dreadful piece of unnecessary, crippling bloatware that various UK banks are trying to thrust upon their online customers?
If so, I suspect that this bit of news is just a prelude to them trying to flog even more of their shiteware, this time ostensibly to protect people using mobile devices such as, oh I don't know, iPhones perhaps.
It's getting to the point where I'm almost beginning to prefer the virus writers, phishers and dumb skiddies to the AV snake-oil salesmen.
and have been to more than one phishing site from it - I just love entering false but authentic looking information into these sites.
I can't be the only one either, as lately there's been more than one phishing email I've received that has threatened legal action against those who enter false info.
Purchasers of mobile products tend to fall into well defined groups. Equally their general buying habits form similar groupings.
It can be seen that notwithstanding a well publicised product having many 'compromises' AKA defects, its support group has continued to purchase this defective product, seemingly armed with the knowledge that it has problems.
Since this particular group, and possibly others in support of alternate equipment, has shown such a predilection for 'herd' purchasing it should not come as a surprise that they, too, show similar responses to other purchasing offers.
I don't think 'instant' mail is much of a factor since similar mail systems exist for laptops. It is the mental attitude that has the greater effect.
Now that many mail processors offer free and charged mail filtering, mail attacks should decrease.
Of course if the OS authors made information access less automatic, mobile terminals would be more secure.
I'd just like to say that I judge people on whether or not they own an Apple product. It's usually also a good indicator of how knowledgeable they are in terms of IT.
My judgement is usually justified as the person usually turns out to be a thick prick ;)
OOOOH THE HATE!