A mobile phishing campaign that targeted customers of more than a dozen North American banks, including Chase, Royal Bank of Canada and TD Bank, managed to hook nearly 4,000 victims. The attacks used an automated SMS tool to blast bogus security text messages to mobile phone users between June and last month. Mobile security firm Lookout identified the “mobile-first” phishing campaign and said that victims were sent text messages claiming that their bank detected suspicious activity tied to their account. The SMS-based messages each included a link to one of over 200 phishing pages. “The [phishing pages] are built to look legitimate on mobile, with login pages mirroring mobile banking application layouts and sizing, as well as including links like, ‘Mobile Banking Security and Privacy’ or ‘Activate Mobile Banking,'” wrote Lookout researchers Apurva Kumar, staff security intelligence engineer and Kristin Del Rosso, senior security intelligence engineer, in a report published Friday. In their report, researchers pointed out that mobile-based phishing campaigns have advantages over their desktop equivalents. For one, mobile phishing messages and spoofed sites are less likely to be scrutinized, they said. “Since mobile users are typically on the move and less likely to scrutinize the authenticity of an SMS message, text messages have become an attractive new attack vector,” researchers wrote. Also, often a condensed mobile site will not display an entire URL, making it harder…
govanguard https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png govanguard2020-02-14 12:45:002020-02-14 12:45:00SMS Phishing Campaign Targets Mobile Bank App Users in North America
Our Standard Office Hours
Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed
Where to Find Us
Data Privacy Notice
- – All product names, logos, and brands are property of their respective owners.
- – The use of these names, logos, and brands is for identification purposes only and does not imply endorsement.
- – Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
- – If you are an owner of some content and want it to be removed, please email firstname.lastname@example.org