Phishing attacks involve two forms legitimate behavior that it mimics and techniques applied to accomplish the attack. It acts as one of legitimate application or website and behaves in a similar manner like actual application or website. Some of the behaviors used in phishing include malware acting as social sharing application or link, with a fake mobile login screen. Phishing attacks can also be in the form of fake upgrade or an intimidating request to download a particular game on your mobile phone. When the user responds to such request, he ends up running a malware attack on a mobile device. Major targeted websites include social media platforms such as Facebook and Twitter. Other sections targeted include Android applications. Preventing phishing attacks involve configuring a mobile device such that to run an application identity. Operating system and web browser should be set to display application identity or address bar of a particular website. The alternative preventive mechanism is the application of spoof killer password entry mechanism.
Other threats that attack Smartphone include malware, gray ware, and personal spyware. Malware is a threat intended to gain access to a mobile device with a purpose of stealing data, damaging the mobile device, or annoying end user. It applies defrauding techniques by asking the user to install a malicious program. Personal spyware is a form of attack that collects end user personal information such as addresses, text messages, passwords, and other credentials. Information is used to install malicious programs or access data without end users knowledge. The gray wire attack is characterized by collecting end user data and information with a purpose of marketing that data or providing it for profiling. Targeted systems include Symbian, Android, and Apple operating systems.
Mobile devices are at risk of being stolen and getting lost. The small size of smart devices have given thieves more urge and easy to snatch them. Attackers are focusing on people’s pockets, purses, and briefcases where mobile devices are placed. High ability of processing power, storage locations provide a high risk of data loss (Murugiah, & Karen, 2013). Sensitive data and information concerning corporate are stored in phones. Business emails, customer databases, corporate presentations, and business plans are stored on mobile phones. If iPhone, iPod or other Smartphone may be lost or stolen business enterprise privacy and confidentiality may be exposed to the public. Captured information may use for commercial purposes as information to implement an attack or intentionally damage the reputation of a particular company (Murugiah, & Karen, 2013).
Old and new techniques are being implemented to trap users of mobile devices effectively. Current attacking techniques implemented include the use of popular events to accomplish malware attacks. Events such as Valentine day, charismas day, and New Year has been used by attackers to influence mobile phone users to install and run malware on their devices (Paul, & Jon, 2015). Attackers distribute captivating pictures, flowers, and gifts that command mobile device user to click it for more incentives. As a result end, the user ends up installing malware on the device. Premium texts also induce end users to open some text messages in emails and apps containing hidden malware that run in the background (Paul, & Jon, 2015).
From analysis sophisticated attacks are highly increasing. Identifying attacks are becoming difficult and impossible to mitigate. Developers should provide technical security measures such as mobile firewalls, antivirus, and encryption techniques (Murugiah, & Karen, 2013).
Murugiah S. & Karen S. (2013). Security of Mobile Devices in the Enterprise. Retrieved from http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-124r1.pdf.
Paul R. & Jon F. (2015)Cyber Threats to Mobile Phones. Retrieved from https://www.us-cert.gov/sites/default/files/publications/cyber_threats-to_mobile_phones.pdf