[August 01, 2011] Crooks Seek Safe Haven in Mobile World Tweet (AllAfrica Via Acquire Media NewsEdge) A recent report released by Symantec tells of a twist in phishing attacks, with the new baits being mobile phone users. Fraudsters and cybercriminals have been exploiting all possible avenues in the networked world to steal money and sensitive data from users. As technology in the mobile sector advances, targeting more users, there is a growing trend of cybercriminals and fraudsters seeking a haven in mobile devices. The Symantec Intelligence Report of July identifies two key areas through which mobile users can end up at the hands of phishing criminals. According to the internet security company, mobile phone phishing attacks are launched behind fake WAP (wireless application protocol) pages and compromised domain names. WAP pages are website pages customised for compatibility on mobile phones, hence they have reduced file sizes and graphics. Many companies and organisations use WAP pages in their brands for ease of their websites being displayed on mobile devices. In essence, the WAP pages use reduced levels of Web design technologies, making them easier to fake. Security researchers at Symantec have so far spotted a growing trend of phishing attacks that target mobile users by use of fake WAP pages. In some cases, phishing sites use such fake WAP pages to request for a user's login details after which it opens the legitimate brand website. The case for altered domains at times used by cyber-criminals stems from the fact that URLs (universal resource locaters) for mobile phone screens are truncated when shown in the address bar. This can allow attackers to create deceptive URLs to dupe cell-phone users. By targeting mobile phones, criminals are merely casting their nets wider as many users adopt the devices to access the Web and conduct financial transactions. Phishing attacks collect sensitive data from users that can be used for fraud or other damage. Given the growing number of people accessing the Web using mobile devices, there is need for awareness as criminals migrate from the traditional PC tactics to sophisticated approaches. Kenya has approximately 25 million mobile subscribers and 10.2 million Internet users. Mobile penetration stands at 63.2 per cent, with the majority using their devices for money transfers and Internet access. The M-Pesa mobile money system alone has a subscriber base of 16 million and millions of shillings are transferred on the network daily. In February, Nokia alerted phone users over a re-emergence of computer scams on mobile phones. Fraudsters were using the Nokia brand to cheat people via SMS that they were winners of a Nokia promotion and UK lottery. To sensitise the public, it warned recipients from replying to the message or calling the UK number that came along with the scam SMS. In line with emerging fraud cases in the mobile sector, Safaricom has in the past alerted its M-Pesa subscribers against fraudsters. Sometime back, Google had to seal up software loopholes which exposed its Android OS to malware that compromised users' data. Software vulnerabilities in the OS allowed a malicious DroidDream programme to root the smart-phone to servers set up by hackers to harvest data. Root-kits on mobile phones can relay users' data without the phone owner realising the extent of damage and even their very existence on the phone. During the East African workshop on cyberspace security, mobile money transfer technology came under scrutiny, with experts proposing enhanced security to keep cyber-criminals at bay. The system is one avenue where criminals can defraud users. Although hackers have not infiltrated the mobile money networks, there are chances of individuals being targeted from within their mobile phones. To be safe, users are advised to remain vigilant and report any cases of suspected criminal activity to the operators. Also, there is need for people to observe basic security measures when they use cell-phones. The writer is a Telecommunication Engineer. [email protected]. Copyright The Nation. Distributed by AllAfrica Global Media (allAfrica.com). [ Back To TMCnet.com's Homepage ]