back to article iPhone-wielding chumps rush to give data to phish sites

Mobile users are three times more likely to respond to phishing scams than their PC-using counterparts, according to stats prised from fraudulent websites. An analysis of logs from several phishing websites by transaction security firm Trusteer revealed that not only were they among the first visitors to arrive at a phishing …


This topic is closed for new posts.
  1. Code Monkey


    So there's a correlation between people who pay £70 a month for a mobile phone and people who trustingly give their details to criminals? Goodness me.

    1. Arctic fox
      Thumb Up

      @Code Monkey. re. Correlation

      Well I was going to say that if they are willing to pay Apple's prices..........but you kind of beat to it.

    2. Ammaross Danan


      I think the "8 times more likely" figure might be a bit skewed. Has this company taken into account mobile market share? Perhaps weight the percent of visitors using X OS by their reported percentile of online traffic?

      Example (using made up numbers):

      If iPhones contribute 40% of a mobile website's traffic, and BB only 10%, there's a 4-to-1 right there. So an 8-to-1 (8 times) visitor rate of iPhone to BB is actually only 2x as likely. Did these "researchers" actually provide such weights to their figures, or did they just assume that they sent phishes to exactly the same number of BB vs iPhone users and counted who visited...?

      1. Anonymous Coward
        Anonymous Coward


        From TFA:

        "BlackBerries are as commonly used in the US, for example, as iPhones"

        Since we're talking about email responses it looks like there is no need for weightings...

  2. morphoyle


    Most people won't learn anything unless they are forced to. Making a product "easy to use" just makes the end user less capable overall. Way to go Apple.

    1. The Infamous Grouse
      Jobs Horns

      Ease of abuse

      Absolutely. Having spent years educating friends and family on how to spot fraudulent e-mail in desktop and web applications, last year I got an iPad and was absolutely horrified at how the e-mail application renders messages. Masked URLs hidden from view, all-or-nothing rendering of remote images, suppression of e-mail addresses in favour of displaying only the "real" name, and -- perhaps inevitably -- full HTML rendering with no plain-text option.

      At one point I had two e-mails in my Inbox, one from my bank and another from a phisher pretending to be my bank by pulling in graphics from the legitimate bank site. On the iPad it was literally impossible to tell them apart with a passive read. The only way to check the legitimacy of a link was to click-and-hold until the Cut / Paste menu appeared and displayed a miniature copy of the actual destination URL. But why would you even do that unless you were already suspicious?

      Given how the iPad was being lauded at the time for its accessibility, ease of use and appeal to those folk not inclined towards using more traditional IT gear, I was very concened by the potential of its e-mail rendering to confuse the ignorant and naive. It's sad to say, but from this article it seems my concerns were not unfounded.

      It's such a pity. iOS as a platform is probably one of the safest ways for the technically non-savvy to browse the sometimes murky waters of the Web. The browser and applications are sandboxed, the operating system itself reasonably resilient to attack. Iffy websites that would bring down or compromise an unprotected Windows box will do very little if browsed upon by mobile Safari.

      And yet the weakest part of any security chain -- the user -- is rendered even weaker by Apple's choice to keep everything as simple as possible in the e-mail app and not permit customisation of the rendering. By doing so they've hidden from view any useful clues that what the user is looking at might not be what it seems.

      If the iPad and future iOS devices continue to grow in popularity I can foresee a decline in the sort of phishing e-mails designed to make the user browse to malware-laden sites, and a return to the more traditional methods of simple social engineering. Why bother trying to compromise machines into revealing useful information, when it's easier than ever to fool the users into doing the exact same thing?

      1. Anonymous Coward
        Thumb Down


        Your bank relies on email for communications? Tell us more so we can avoid it......

        1. The Infamous Grouse


          Yep, 'twas the home of online security and PINSentry, Barclays. I told them in a strongly worded e-mail why sending out official bank correspondence by e-mail complete with clickable links was a Very Bad Idea. I may even have mentioned the iPad scenario above. An awful lot of other customers took the opportunity to vent as well, if their PR people are to be believed.

          And to be fair they did get someone to phone me back and apologise. As with so many things these days they claimed it was someone in corporate communications getting a bit trigger happy and not running things past the IT guys. Apparently those IT guys were not happy with the flack it generated, nor with the sudden flow of PR people coming to them with technical questions raised by concerned customers.

          I'm surprised the incident didn't make it to El Reg to be honest, although I chose not to report it as they'd had the decency to apologise and did genuinely appear to be upset with the idiots who'd sent out the e-mails. Perhaps other customers felt the same way and gave them the benefit of the doubt.

          It was a one-off and hasn't happened since.

          The ultimate irony is that the e-mail in question was encouraging me to sign up for Online Banking. Which is odd, because the only reason they had an e-mail address for me in the first place was because I already had an Online Banking account.

      2. Anonymous Coward
        Anonymous Coward

        Banks and Emails

        I don't ever give my email address to my bank - that way I know that any email purporting to be from my bank is a scam.

      3. Anonymous Coward

        Franz Kafka works for Barclays

        I received a mailshot about an interesting Barclays promotional offer. Unsure if it was genuine, I emailed the Barclays customer email contact to confirm they had sent it. Their response was that they couldn't answer my question as their policy is not to discuss sensitive information by email...

  3. Anonymous Coward
    Jobs Horns


    "also found that eight times more iPhone users than BlackBerry users visited dodgy websites."

    That's simply because unlike a BlackBerry, with the iPhone you actually can browse the net!!

    Also this data is rubbish, to suggest a lesser intelligent set of people use iPhones is crazy, I think it's simply down to the fact that Apple own consumer market share so really you could assume anything from said apple-fanbois..

    1. Lionel Baden
      Thumb Up


      Also this data is rubbish, to suggest a lesser intelligent set of people use iPhones is crazy

      Im guessing you bought an iphone.

      Please explain otherwise :)

      1. ThomH

        @Lionel Baden

        I suspect that "That's simply because unlike a BlackBerry, with the iPhone you actually can browse the net!!" was the AC's explanation of why his claim can be seen to potentially have objective validity.

        Alternatively, see the NetApplications report for December ( — iOS browser share is 1.69%, BlackBerry is 0.13%. So if the statistic were 'user of an iOS device' (rather than explicitly an iPhone) versus 'user of a BlackBerry', you'd expect to see exactly 13 times as many of the former falling for scams, all other things being equal.

        1. Lionel Baden


          that was a semi serious troll post

          Jeez get a sense of humour !!

    2. multipharious


      It also might have to do with the gobsmackingingly insane sales strategy of suggesting that Apple is virus free. (anyone heard this shit in a store?) It literally promotes lax security, and the haughty and cavalier attitude towards safety is jaw dropping. The keys to the castle are not on a device. They are the accounts.

      No surprise that with more market share Apple joins the fun and games they have mocked for so long. Lock up the front gate with a UNIX based OS? Fine, the criminals will come around the back...

  4. Andrew Bush


    r ewe calin me dum?

    Posted from my iPhone 4

  5. WoodchipSFD

    To quick to flash

    Maybe MOST iPhone users are just too keen to find an excuse to get their phone out and don't have time to think.

    The coat? 'Coz I'm just getting my Blackberry out my pocket.

    1. Anonymous Coward
      Anonymous Coward

      And Blackberry users

      Are never seen putting there phone on the pub table or next to there laptop on the train to show how very very important they are?

  6. soaklord


    What is not "suspected" as a reason why Blackberry's are less likely to go to a phishing site is that perhaps people don't like logging on to their bank from a corporate phone and incurring the "you used your corporate device for personal use and we pay for that data" wrath of IT. And getting the email on Blackberry, then waiting until you get to a computer may be too long a delay as the article suggests.

    1. David Pickering


      no self respecting corporate it department would roll out iphones to their user-base.

  7. Radelix


    I think it could be down a point noted in the article where they state the URL is not as easily shown. Considering on a full fat pc of choice the URL bar is always present and you can easily investigate the URL if you are suspicious. Not so on my android where I have to scroll back to the top of the page if I fail to see the URL while it is loading.

  8. War Monger

    Does this surprise anyone

    Isn't the inherient gullibility of iPhone users self-evident?

  9. adrianww


    Aren't they the folks behind Rapport - that dreadful piece of unnecessary, crippling bloatware that various UK banks are trying to thrust upon their online customers?

    If so, I suspect that this bit of news is just a prelude to them trying to flog even more of their shiteware, this time ostensibly to protect people using mobile devices such as, oh I don't know, iPhones perhaps.

    It's getting to the point where I'm almost beginning to prefer the virus writers, phishers and dumb skiddies to the AV snake-oil salesmen.

  10. Anonymous Coward

    I own an iPhone

    and have been to more than one phishing site from it - I just love entering false but authentic looking information into these sites.

    I can't be the only one either, as lately there's been more than one phishing email I've received that has threatened legal action against those who enter false info.

    1. Anonymous Coward

      Thank you very much

      Thank you for admitting your stupidity, this puts you one point in IQ above the average IOS user.

  11. JaitcH

    Herding instincts at work?

    Purchasers of mobile products tend to fall in to well defined groups. Equally their general buying habits form similar groupings.

    It can be seen that notwithstanding a well publicised product having many 'compromises' AKA defects, it's support group has continued to purchase this defective product, seemingly armed with the knowledge that it has problems.

    Since this particular group, and possibly others in support of alternate equipment, has shown such a predication for 'herd' purchasing it should not come as a surprise that they, too, show similar responses to other purchasing offers.

    I don't think 'instant' mail is much of a factor since similar mail systems exist for laptops. It is the mental attitude that has the greater effect.

    Now that many mail processors offer free and charged mail filtering mail attacks should decrease.

    Of course if the OS authors made information access less automatic mobile terminals would be more secure.

  12. David Pickering
    Thumb Up

    yet more proof that

    iphone users are idiots.

  13. Anonymous Coward

    if im allowed to make two comments..

    id just like to say that i judge people on whether or not they own an apple product. its usually also a good indicator of how knowledgeable they are in terms of IT.

    my judgement is usually justified as the person usually turns out to be a thick prick ;)


This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2022