Are smartphone users more susceptible to phishing attacks than computer users? It would appear so, based on this recent case study posted by Trusteer CEO Mickey Boodaei.
Trusteer looked at the log files of several phished sites and found that mobile users were the first to visit the phishing sites and were far more likely than other users to submit private information.
The first of these is easily explained by the "always-on" nature of cell phones. The more interesting analysis is why smartphone users are more likely to be fooled than computer users. The answer, at least according to Trusteer (which, it should be noted, is trying to push its secure mobile browser), is that smartphone browsers don't have as many safeguards as desktop browsers:
It's very difficult to tell whether an email is fraudulent since the "From" field doesn't include the sender's address, but rather the name of the sender (such as ACME Bank)... In HTML mail (the most common format for fraudulent messages) when a link is embedded as a href such as hovering over the link will not reveal the actual address.
Boodaei goes on to point out that the browsers and/or the "are you sure you want to visit [URL]" warnings display only the beginning of the URL, which can easily be engineered to deceive.
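A mail filter or client can check for both conditions described above before the user ever taps a link. The following is an added example, not code from Trusteer or from the original post; the 30-character display width, the function names and the sample hosts are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

WIDTH = 30  # assumed number of URL characters a small screen shows
# Constructed sample mail body; the .example hosts are made up.
SAMPLE = (
    '<a href="http://www.acmebank.example.secure-login.accounts.phish.example/verify">'
    'www.acmebank.example</a> <a href="https://www.acmebank.example/help">Help</a>')

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    # urlsplit only finds the host when a scheme is present; link text often omits it
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()

def audit_links(html_body, width=WIDTH):
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        real_host = host_of(href)
        shown = href.split("://", 1)[-1][:width]  # what a truncated display reveals
        issues = []
        if "." in text and " " not in text and host_of(text) != real_host:
            issues.append("text-host-mismatch")  # text reads as an address for another host
        if real_host and real_host not in shown.lower():
            issues.append("host-truncated")  # the real host's end is cut off
        findings.append({"host": real_host, "shown": shown, "issues": issues})
    return findings
```

Calling `audit_links(SAMPLE)` flags the first link on both counts and leaves the second clean; a client could use the result to show the full host or warn before opening the page.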
It's reasonable to assume that the same lack of attention to security safeguards in mobile browsers puts smartphone users at risk of malware, as well. Yes, I know that mobile platforms are more likely to use sandboxing and other anti-malware measures, but exploits will be discovered eventually. In the meantime, users are at risk of being tricked by fake AV sites and other scam sites tailored to mobile phones.
Trusteer uses this discovery to recommend greater adoption of its own secure mobile browser. To me, the better recommendation is for all web browser and e-mail app creators to pay more attention to security safeguards, much as major desktop app creators have been doing in recent years.