TY - JOUR
T1 - Phishing, SMiShing & Vishing
T2 - An Assessment of Threats against Mobile Devices
AU - Yeboah-Boateng, Ezer Osei
AU - Amanor, Priscilla Mateko
PY - 2014/4
Y1 - 2014/4
N2 - This study is an exploratory assessment of Phishing, SMiShing and Vishing attacks against mobile devices. It examines the implications of end-user behavior towards mitigating the risks posed by using mobile devices for online services and facilities. Phishing is that socially engineered attack aimed at enticing unsuspecting users with familiar websites spoofed and purported to come from a legitimate organization or source. It lures the user to furnish the assailant with the user’s access credentials, for which privileged access would be gained to harm the user. SMiShing attacks also happen whenever text messages are sent for the user to either click on a link provided, which leads to a fraudulent website or for the attacker to get access to the user’s contacts and/or any other confidential information. Vishing is a voice phishing attack, whereby a voice call received from an assailant lures the target into providing personal information with the intention to use that information to cause harm. With the proliferation of smart phones, tablets and hotspots, these social engineering attacks on mobile devices are now prevalent. The study observed and strategically interviewed 20 end-users for their knowledge, perceptions and behavior when confronted with phishing attack situations. The results show that men are more comfortable and trusting on the cyber-space and thus more susceptible to phishing attacks than women. The results also indicate that most users are either slightly aware or not at all aware of Phishing, SMiShing and Vishing threats against their mobile devices. Interestingly, 55% would occasionally examine the messages received as perceived threats, whilst 35% would never or almost never scrutinize any messages. A taxonomy of ‘alluring” and “decoying” words used in phishing attacks is provided as a benchmark to end-users to guard against becoming cyber-victims. Of the most commonly used operating systems, the iOS was found to be the most susceptible to phishing attacks.
AB - This study is an exploratory assessment of Phishing, SMiShing and Vishing attacks against mobile devices. It examines the implications of end-user behavior towards mitigating the risks posed by using mobile devices for online services and facilities. Phishing is that socially engineered attack aimed at enticing unsuspecting users with familiar websites spoofed and purported to come from a legitimate organization or source. It lures the user to furnish the assailant with the user’s access credentials, for which privileged access would be gained to harm the user. SMiShing attacks also happen whenever text messages are sent for the user to either click on a link provided, which leads to a fraudulent website or for the attacker to get access to the user’s contacts and/or any other confidential information. Vishing is a voice phishing attack, whereby a voice call received from an assailant lures the target into providing personal information with the intention to use that information to cause harm. With the proliferation of smart phones, tablets and hotspots, these social engineering attacks on mobile devices are now prevalent. The study observed and strategically interviewed 20 end-users for their knowledge, perceptions and behavior when confronted with phishing attack situations. The results show that men are more comfortable and trusting on the cyber-space and thus more susceptible to phishing attacks than women. The results also indicate that most users are either slightly aware or not at all aware of Phishing, SMiShing and Vishing threats against their mobile devices. Interestingly, 55% would occasionally examine the messages received as perceived threats, whilst 35% would never or almost never scrutinize any messages. A taxonomy of ‘alluring” and “decoying” words used in phishing attacks is provided as a benchmark to end-users to guard against becoming cyber-victims. Of the most commonly used operating systems, the iOS was found to be the most susceptible to phishing attacks.
KW - Phishing, SMiShing, Vishing, Mobile Devices, Attacks, Cyber-victims, Social Engineering
M3 - Journal article
SN - 2079-8407
VL - 5
SP - 297
EP - 307
JO - Journal of Emerging Trends in Computing and Information Sciences
JF - Journal of Emerging Trends in Computing and Information Sciences
IS - 4
M1 - 6
ER -