Mobile phishing attacks continue to advance and are targeting corporate executives. A report from mobile security firm Zimperium describes these attacks as highly sophisticated means of exploiting mobile devices, underscoring an emerging need for awareness and security measures.
How the Attacks Function
One campaign uncovered by Zimperium’s research team (zLabs) impersonated Docusign, a widely trusted e-signature platform. The attackers sent fake emails designed to look like urgent communications from Docusign. These emails urged recipients to click on a link to review an important document, playing on trust and the sense of urgency.
Initial Stage: Clicking the link redirected victims to a legitimate-looking webpage, masking its malicious intent.
Second-level Credibility: That page then led to a phishing site served from a compromised university website address, which added a further level of credibility.
Mobile Specific Ploys: On mobile devices, the phishing site presented a Google sign-in page created to steal login credentials. Desktop users were taken to actual Google pages to avoid detection.
Using CAPTCHA: To gain user trust, the attackers added CAPTCHA verification to the phishing pages so that they resembled real ones.
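The device-dependent redirect in the steps above is something a defender can check for by resolving a reported link once as a mobile client and once as a desktop client and comparing where each lands. The following is an added example, not code from the article or from Zimperium; the record fields, the `BRAND_HOSTS` allowlist and all hostnames are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts the impersonated brand really uses for sign-in.
BRAND_HOSTS = {"accounts.google.com"}

def host(url):
    return (urlsplit(url).hostname or "").lower()

def find_cloaking(observations):
    """Flag links whose final landing page differs by device class."""
    by_url = {}
    for ob in observations:
        by_url.setdefault(ob["url"], {})[ob["device"]] = ob
    findings = []
    for url, seen in by_url.items():
        mobile, desktop = seen.get("mobile"), seen.get("desktop")
        if not mobile or not desktop:
            continue  # both views are needed for a comparison
        m_host = host(mobile["chain"][-1])
        d_host = host(desktop["chain"][-1])
        # Desktop ends on the real brand, mobile ends elsewhere with a
        # password form: the device-conditional pattern described above.
        if (d_host in BRAND_HOSTS and m_host not in BRAND_HOSTS
                and mobile["password_form"]):
            findings.append({"url": url, "mobile_landing": m_host,
                             "desktop_landing": d_host})
    return findings

# Constructed crawl results; every non-Google hostname is a placeholder.
SAMPLE = [
    {"url": "https://mail-link.example/r/1", "device": "desktop",
     "chain": ["https://mail-link.example/r/1",
               "https://accounts.google.com/"], "password_form": True},
    {"url": "https://mail-link.example/r/1", "device": "mobile",
     "chain": ["https://mail-link.example/r/1",
               "https://landing.example/review",
               "https://dept.university.example/signin"],
     "password_form": True},
    {"url": "https://benign.example/a", "device": "desktop",
     "chain": ["https://accounts.google.com/"], "password_form": True},
    {"url": "https://benign.example/a", "device": "mobile",
     "chain": ["https://accounts.google.com/"], "password_form": True},
]

if __name__ == "__main__":
    for finding in find_cloaking(SAMPLE):
        print(finding)
```
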
Why Mobile Devices Are the Target
Mobile devices are generally less secure than traditional com
[…]