Banking Criminals Zero in on Cellphones

NEW YORK (MainStreet)—Plain facts: more of us are doing a lot more reading of email, surfing of web pages and clicking on text messages on smartphones than ever before - duh. Obvious of course.

What is not so obvious is that cybercriminals are connecting the dots, and they are zeroing in on the heightened vulnerabilities that come with reading on a small screen that can be downright peculiar in how legibly it shows text in lighting that is less than perfect.

When we use cellphones we become perfect marks for criminals who want us to click on their malicious links and trick us into giving away our log in credentials to mobile banking.

The proof: a report from security firm Trend Micro claims that in 2012 it found some 4,000 phishing URLs designed for the mobile web, meaning links to malicious websites optimized for mobile devices.

The report continued: "What's more worrisome is the kind of websites these phishing attacks spoof. In 2012, 75% of mobile phishing URLs were rogue versions of well-known banking or financial sites. Once users are tricked into divulging their login credentials to these sites, cybercriminals can use these stolen data to initiate unauthorized transactions and purchases via the victim's account."

Heading the parade of imitated sites were PayPal, Wells Fargo, Bank of America and several foreign banks (such as Absa in South Africa).

"Mobile is the new treasure trove for cyber criminals," said J.D. Sherry, a vice president at Trend Micro. He said the number of mobile focused attacks has been soaring.

There is a reason for this, or maybe two.

Most of us have been thoroughly trained - ad nauseum - to not click on suspicious links in email (ones promising details on payoffs on a big U.K. lottery, for instance), and we also have gotten good at eyeballing email addresses to check if that email about an expected deposit was in fact sent from a valid Chase address - or something from the Ukraine.