New type of phishing could hit mobile phone users

Experts have warned of a new type of phishing that could siphon bank details from mobile phone users.

In mophophishing, hackers send fake banking applications to unsuspecting mobile phone users. The users then type their account details into the application, thinking they are accessing their accounts when they are actually sending their personal details back to the hacker.


Ken Munro, managing director of penetration testing firm SecureTest, said that mophophishing "was very difficult to detect".

Munro said spotting a phishing email was relatively straightforward, as the user need only examine the source code of an HTML email and inspect the domain name and path of any link to verify its authenticity. But with a mobile application, this information is concealed deep within the application code itself.

"Unless the user decompiles this they have no way of knowing whether they are being directed to a genuine website or not," warned Munro.

He said another way that hackers could gain information is through the use of rogue servers. A rogue server would monitor and cache data passing between a phone and an online banking website, acting much like a phone tap. Any valuable data can then be identified and used by the phisher to access the bank account. As far as the victim is concerned, the application works as intended, and the victim would remain unaware of any problem with the transaction.

Munro said developers had to act now to make mobile applications more secure and allow easier detection of mophophishing attacks.

"Unless banks and mobile application developers put in place significant security measures, mophophishing could damage user acceptance of mobile applications in the same way that online banking has suffered from phishing attacks and spoof websites," said Munro.

www.securetest.com

Copyright © SC Magazine, US edition