Is it the iPhone or the User?

The folks at Trusteer got their hands on the logs from some phishing sites and found that people using iPhones are more likely to fall for phishing attacks than users of other devices, including PCs.

Some of the findings included:
  • Mobile users get to the phishing site sooner than PC users.
  • Mobile users are 3 times more likely to submit their credentials to a phishing site than desktop users.
  • 8 times as many iPhone users accessed these phishing sites as did BlackBerry users.

It should come as no surprise that mobile users get to the phishing sites first. Many of these users are PC users who happen to get the phishing emails on their mobile devices before they check email on their desktop or laptop computers.

It also makes sense that mobile users would be more likely to submit credentials. The mobile screen does not show as much information as a full-sized computer screen. Much of this information helps provide context and visual clues that make phishing sites easier to recognize. Mobile users who don’t have much experience with computers are probably also more likely to fall for phishing attacks.

The demographics of iPhone users are a bit different than the demographics of BlackBerry users. Additionally, many BlackBerries are managed through BES, which allows IT administrators to more strictly control the devices. A BlackBerry user potentially has better anti-spam protection than most iPhone users, and anti-spam can filter out many phishing attacks.

What is not clear is why there is such a huge difference between iPhone and Android users. Nearly seven times as many iPhone users were reported to have fallen for phishing attacks as Android users. Possible explanations? Android users can download porn apps (iPhone users can’t) so they don’t have time to visit phishing sites? Perhaps the phishing sites that Trusteer got the logs from tended to target iPhone users? Without details it is impossible to know if the sample set was large enough and diverse enough to have statistical relevance.

What we do know about phishing attacks is that it is the user and not the device that makes the decision to click on a link in a phishing email and to then enter their credentials. If you have an iPhone and then switch to an Android or other smartphone, your personal risk of falling for a phishing attack is precisely the same. Phishing attacks are user dependent and device independent.

Randy Abrams
Director of Technical Education
Cyber Threat Analysis Center – ESET LLC

Author ESET Research, ESET

  • John Nielsen, Nielco IT

    Thanks for a very interesting blog post.
    Could it be that many iPhone users are also users of Apple's computers, which unfortunately do not get antivirus installed?
    It's a common misconception that Apple's gadgets and computers can not be affected by malware.
    Will they ever learn? :-)
    Best Regards
    John Nielsen

    • David Harley

      I’m sure lots of iPhone users are also Mac users and vice versa, and there’s always a concern that users of any system may expect more of their OS or security applications than is realistic. However, while I’m not disputing Trusteer’s statistics, I’m not convinced that the conclusions the Register and others have drawn are altogether safe. I suspect that properly weighted data from a proper survey, taking into account the differences between iPhone and BB user populations and corporate security measures, would show a significantly less dramatic difference.

  • Steve Jobs

    It has also been statistically proven that most Android users are gingers.
    Sent from my iPad

    • David Harley

      @Steve I don’t usually approve obvious cases of identity theft, but that one tickled my fancy. :)

  • twilightomni

    Guess: More Android users use Gmail, which has very good service-side spam filtering.
    Other: more iPhone users manage email on their phone than Android users.  More iPhone users use Mail on iPhone than Android users use Mail on Android.
    Additionally: Although Android is outselling iPhone for the past half-year, there are many older iPhone customers out there. Also many younger people with iPod touches and email on them.
     
    So, a combination of the email service involved, the ease of use of the platform's native Mail app, and Google's Android preference towards GMail.

  • andrew

    Could it just be that more iPhone users are affected more because the iPhone browser is so much better and easier to use than a bberry browser for instance… For instance the page will 9/10 open better on the iphone than the blackberry making it easier to submit details etc.

    • Randy Abrams

      Interesting theory, but probably offset by the lack of connectivity ATT users report :)

06 Jan 2011