Catching a Phish with a Smartphone

There was more news today in Dark Reading on the vulnerabilities of the Apple iPhone, RIM Blackberry, and Palm Pre as a result of spear-phishing tests using a phony LinkedIn email. The impact of this social engineering threat is two-fold:

1) There are so many people using their smartphones to view corporate and personal email that it’s hard to guess whether anyone is safe from this sort of attack.
2) Social networking is becoming one of the killer apps on smartphones, especially when coupled with location (such as GPS) and the real-time web (such as Twitter). The attack preys upon the insatiable need to be connected to our communities, even though I have idea why Bill Gates would want to connect over LinkedIn.

According to Joshua Perrymon, CEO of PacketFocus, “he was able to get his spoofed message through 100 percent of the time.” 100%!!!

How do you fix this? According to the article, “The trouble with socially engineered, targeted attacks is that there’s no real “patch” to protect products and users from falling for them. Email authentication technologies like PGP are not widely adopted, and it’s difficult for vendors to spot spoofed email messages, experts say.”

The only resort is to rewind to the stones ages of landline and pen/paper. Highly unlikely so I foresee we’re in for quite the Tsunami of Insecurity with infected mobile devices by the millions and billions.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s