Why touch screen technology increases phishing scam risk

Portable technology has revolutionized the way we communicate and the way we interact with the world around us. Evolving at its own rapid pace, technology now ranges from the once super-popular iPod, which allowed people to listen to more music than ever, to BlackBerries, which pioneered portable 24/7 access to email, through to the latest range of iPads and smartphones, which allow users access to email, music and the web like never before. For the most part this advance in technology has resulted in positive outcomes; however, as with anything, there are always one or two downsides which need to be remembered.

One of the bigger downsides as I see it relates to the security of the platforms people use to browse the internet and read emails. Consider these facts quickly:

  • Australia is now the world leader in terms of smart phone penetration – 49%.
  • The Android platform is now more popular than the iPhone platform (via Kantar)
  • 40% of smartphone users have admitted to using their phone in a meeting to pass the time
  • 17% admit to using their phone whilst driving (May I point out this is dangerous and illegal)
  • 33% of users access email, games and the internet on the toilet

Whilst it is fantastic being able to be anywhere, accessing information and keeping in touch, the lack of a mouse on these portable devices makes you that little bit more attractive to phishers and their scams. These devices all rely on touch screen technology, and that is exactly what phishers like.

So why are touch screens attractive to scammers?

What a good question, thanks for asking. No, but seriously, touch screens do hold a serious advantage for phishers and their scams. Before I answer this question, however, consider this: phishing scams have become ever more elaborate, to the point where a good scammer will have profiled you to some extent using social media platforms and will insert relevant information into the email which you receive.

If you look at the following example from the ANZ website, the email received by an unknowing recipient seems legitimate. The email is well written, the logo looks right and the web address that you are prompted to visit even has an ANZ domain (highlighted).

Whilst the majority of the population will probably be skeptical of this email in the first instance based on ongoing education about online scams, there is still a sample of the population that will not be so savvy. However, even those usually skeptical of these emails may be fooled. As more people check email on the go (to or from work, or worse still driving!) chances are they will be distracted and not thinking clearly. As a result there will be a sample of recipients who will not even think twice before clicking the link in the email.

This is where touch screens are at a massive disadvantage to a good old screen and peripheral mouse. If you had the benefit of using a mouse and not your finger, you would be able to hover over the supplied ‘ANZ’ URL to see if the destination URL is the same as what is displayed. I bet you more times than not there will be a discrepancy. Chances are the actual destination URL will still seem like it is part of the bank’s site (e.g. www.identityconfirmation.anz.com), but subtle differences such as a .com instead of a .com.au domain will mean you end up where you should not be, yet with no idea at all. If you are using a smartphone, however, the touch screen means you lose this ability to test the validity of the URL.

With the destination site maintaining the charade – that is, still appearing to be the bank site – it is entirely possible that you would be hard pressed to know if the site was real or not. If you follow the instructions you were sent to the site to complete, then unfortunately you will be one of “those” statistics that I reference in the future, and I really don’t want that!

Thus my word of warning is this: enjoy technology and the conveniences it brings, but please, oh please, do not visit sites sent to you in email (even from friends, as these could be hacked), as you have little if any way of checking the URL.

Please note, each of the banks has a section on their site where they provide information on scams. Here are a few to check out:

http://www.anz.com/personal/ways-bank/internet-banking/protect-banking/security-threats/

http://www.westpac.com.au/security/fraud-and-scams/latest-email-scams/

http://www.commbank.com.au/security-privacy/online-security/latest-security-alerts.aspx

http://www.nab.com.au/wps/wcm/connect/nab/nab/home/personal_finance/12/3/1

http://www.bendigobank.com.au/public/business/merchant/how_to_protect_against_fraud.asp
