
Kacy Zurkus at the InfoSec group had the scoop on a campaign recently reported by Farsight Security involving an internationalized domain name (IDN)-based phishing website that tricked mobile users into inputting their personal information.

The suspected phishing websites presented as commercial airline carriers – specifically Delta Airlines, easyJet and Ryanair – and offered tickets, fooling users with the age-old bait-and-switch technique.

Users were asked to respond to a series of seemingly innocent questions and then share the free offer with 15 of their WhatsApp contacts before being directed to the URL where they could access the free tickets. After Farsight discovered the first suspected Delta phishing site, it immediately informed the company. According to Farsight researchers, the websites were optimized for mobile and failed to work smoothly on desktop, leaving mobile users as prime targets.

It’s not unusual for phishing scams to use spoofed sites and homograph domains to fool unsuspecting users with trusted brand names. “Users, especially on smaller mobile screens, may not be paying close attention to the URLs or domain names of sites to verify their legitimacy,” said Dirk Morris, chief product officer at Untangle.
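A defender-side check for the homograph domains described above, added here as an example (it is not code from the article or from Farsight): it decodes `xn--` labels and flags labels that mix scripts or that fold to a protected brand name. The brand list, the small look-alike map and the `.example` hostnames are assumptions constructed for the illustration.

```python
import unicodedata

# Assumption: brand labels to protect, chosen for this example.
BRANDS = {"delta", "easyjet", "ryanair"}

# Constructed, deliberately small look-alike map (Cyrillic/Greek -> ASCII).
# Production checks should use the Unicode UTS #39 confusables data instead.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
               "\u0458": "j", "\u03b1": "a", "\u03bf": "o", "\u0131": "i"}

def decode_label(label):
    """Return the Unicode form of one DNS label, decoding xn-- (punycode)."""
    label = label.lower()
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed ACE label: leave as-is
    return label

def scripts(label):
    """Scripts of the letters in a label, read from Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def skeleton(label):
    """Fold known look-alikes to ASCII and drop combining accents."""
    folded = "".join(CONFUSABLES.get(ch, ch) for ch in label)
    decomposed = unicodedata.normalize("NFKD", folded)
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch))

def check_domain(domain):
    """Return findings for a hostname; an empty list means nothing flagged."""
    findings = []
    for raw in domain.rstrip(".").split("."):
        label = decode_label(raw)
        if label.isascii():
            continue  # plain ASCII label: out of scope for this IDN check
        if len(scripts(label)) > 1:
            findings.append(f"mixed-script label {label!r} ({raw})")
        if skeleton(label) in BRANDS:
            findings.append(f"{label!r} renders like brand {skeleton(label)!r}")
    return findings

if __name__ == "__main__":
    # Constructed samples under the reserved .example TLD.
    ace = "xn--" + "d\u0435lta".encode("punycode").decode("ascii")
    for host in (ace + ".example", "ryana\u00edr.example", "m\u00fcnchen.example"):
        print(host, "->", check_domain(host) or "ok")
```

A legitimate IDN such as the third sample passes because it stays within one script and does not fold to a watched brand; the check is meant for mail gateways, proxies or DNS log review, where the user's small screen is not the last line of defence.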

Despite having been around for a while, these types of attacks remain largely successful. “Studies have shown that 95% of web-based attacks use social engineering to trick users,” said Atif Mushtaq, CEO at SlashNext.

“These types of contest phishing scams have become increasingly sophisticated, in large part because people are getting trained by their organizations to recognize fake emails, giveaway scams or imposter websites asking for credit card or login details.”

Being duped by sophisticated phishing scams is not uncommon, but there are common signs to look for. What users need to remember is that nothing is ever really free, explained Ajay Menendez, executive director, HUNT Program at SecureSet.

“Check the ‘from’ email address for any signs that it might not be legitimate, and look for numbers instead of letters or common misspellings or letters that are inverted or missing. Poor spelling and grammar can be giveaways in the body of the email,” Menendez said.

“Your bank and other legitimate accounts will never ask for your social security number in an email. If you receive an email asking for this information, call your bank (and any other company who may be requesting this) to confirm. Never provide email, account information or passwords via email.”

“Many phishing scams will look very legitimate,” he said, “so even if the email looks like it comes from your cable company, be extra cautious. This is an instance where an ounce of prevention is worth a pound of cure.”

https://www.infosecurity-magazine.com/news/mobile-phishing-campaign-offered

