Abstract
Phishing attacks continue to evolve in order to bypass mitigations applied within the industry. These attacks are also changing due to the attacker’s desire for a greater return on investment from their attacks against the common internet user. The digital landscape has been ever-changing since the emergence of mobile technologies. The intersection of the internet and the growing mobile user-base fueled the natural progression of phishers to target mobile-specific users. This research investigates mobile-specific phishing attacks through the dissection of phishing kits used for the attacks, presentation of real world phishing campaigns, and observations about PayPal’s insight into mobile web-based phishing numbers.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Hong, J. (2012), “The State of Phishing Attacks”. Communications of the ACM. 55, 1 (Jan. 2012), 74-81.
RSA Security, Inc. (2009), “Phishing, Vishing, and Smishing: Old Threats Present New Risks”. Retrieved November 21st, 2016. https://www.emc.com/collateral/white-papers/h11933-wp-phishing-vishing-smishing.pdf.
Halevi, T., Memon, N., and Oded, N. (2015). “Spear-Phishing in the Wild A Real-World Study of Personality, Phishing Self-efficacy and Vulnerability to Spear-Phishing Attacks,” Social Science Research Network. November 2015.
Aaron, Greg (2014), Phishing Activity Trend Report, 1 st Quarter 2015. Nov. 2016. http://docs.apwg.org/reports/apwg_trends_report_q1_2014.pdf.
Aaron, Greg (2015), Phishing Activity Trend Report, 1 st –3 rd Quarters 2015. Nov. 2016. http://docs.apwg.org/reports/apwg_trends_report_q1-q3_2015.pdf.
Aaron, Greg (2016), Phishing Activity Trend Report, 1 st Quarter 2016. Nov. 2016. http://docs.apwg.org/reports/apwg_trends_report_q1_2016.pdf.
Moore, T., Clayton, R., and Stern, H. (2009). “Temporal Correlations between Spam and Phishing Websites”. In Proceedings of 2nd USENIX LEET. Boston, MA.
Moore, T., and Clayton, R. (2007). “An empirical analysis of the current state of phishing attack and defence”. In Proceedings of the 2007 Workshop on The Economics of Information Security. May 2007.
Nero, P., Wardman, B., Copes, H., and Warner, G. (2011). “Phishing: Crime that Pays”, APWG eCrime Researchers Summit, November 2011.
Prakash, P., Kumar, M., Kompella, R. R., and Gupta, M. (2010). “PhishNet: Predictive Blacklisting to Detect Phishing Attacks”. In Proceedings of INFOCOM’10, San Diego, California.
Zhang, Y., Egelman, S., Cranor, L., and J. Hong. (2007). “Phinding Phish: Evaluating Anti-Phishing Tools”. In Proceedings of the 14th Annual Network and Distributed System Security Symposium. San Diego, CA.
Egelman, S., Cranor, L.F., and Hong, J. (2008). “You’ve Been Warned: An Empirical Study of the Effectiveness of Web Browser Phishing Warnings”, Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, April 2008.
Sheng, S., Wardman, B., Warner, G., Cranor, L., Hong, J., & Zhang, C. (2009). “An Empirical Analysis of Phishing Blacklists”. Sixth Conference on Email and Anti-Spam. Mountain View, CA.
Apache. (2016). Apache HTTP Server Tutorial: .htaccess files–Apache HTTP Server Version 2.4. Nov. 2016. https://httpd.apache.org/docs/2.4/howto/htaccess.html.
Ferguson, E., Weber, J., and Hasan, R. (2012). “Cloud based content fetching: Using cloud infrastructure to obfuscate phishing scam analysis”. Proceedings of 8th World Congress on Services (SERVICES). IEEE, 255–261.
Cisco. Cisco Visual Networking Index: Global Mobile Data Traffic Forecast Update, 2015–2020 White Paper—Cisco. Nov. 2016. http://www.cisco.com/c/en/us/solutions/collateral/service-provider/visual-networking-index-vni/mobile-white-paper-c11-520862.html.
Zakrzewski, C. Mobile Searches Surpass Desktop Searches At Google For The First Time | TechCrunch. Nov. 2016. https://techcrunch.com/2015/10/08/mobile-searches-surpass-desktop-searches-at-google-for-the-first-time/
Wardman, B. (2016). “Assessing the Gap: Measure the Impact of Phishing on an Organization”. 12 th Annual ADFSL Conference on Digital Forensics, Security, and Law. Daytona Beach, FL.
Wardman, B., Britt, J., and Warner, G. (2014). New Tackle to Catch a Phisher. International Journal of Electron Security and Digital Forensics 6,1.
Rivest, R. (1992). “RFC 1321 – The MD5 Message-Digest Algorithm. Internet Engineering Task Force. April 1992.
URLQuery. urlquery.net –Free URL scanner. Nov. 2016. http://urlquery.net/.
DynDNS. DynDNS and Managed DNS | Reliable DNS for your home and business | Dyn. Nov. 2016. http://dyn.com/dns/.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Appendix
Appendix
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this chapter
Cite this chapter
Wardman, B., Weideman, M., Burgis, J., Harris, N., Butler, B., Pratt, N. (2018). A Practical Analysis of the Rise in Mobile Phishing. In: Dehghantanha, A., Conti, M., Dargahi, T. (eds) Cyber Threat Intelligence. Advances in Information Security, vol 70. Springer, Cham. https://doi.org/10.1007/978-3-319-73951-9_8
Download citation
DOI: https://doi.org/10.1007/978-3-319-73951-9_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-73950-2
Online ISBN: 978-3-319-73951-9
eBook Packages: Computer ScienceComputer Science (R0)