The Human Factor in Mobile Phishing

Rasha Salah El-Din (University of York, UK), Paul Cairns (University of York, UK) and John Clark (University of York, UK)
DOI: 10.4018/978-1-4666-8345-7.ch004


Phishing is the use of electronic media, such as emails and mobile text messages, to fraudulently elicit private information or obtain money under false pretence. Though there is considerable interest in phishing as a security problem, there is little previous research from the human factors perspective and, in particular, very little empirical support for what makes mobile phishing effective or successful and therefore how best to defend people from it. This chapter describes some of the research from the field of traditional phishing that already embraces the effect of human factors on phishing vulnerability. The limited amount of research on mobile phishing is discussed, including a review of our previous work evaluating mobile users' strategies for managing mobile phishing attacks. By reflecting on how these subjects investigate the threat of phishing, this chapter aims to show that empirical research on mobile phishing is scarce and falling behind in identifying underlying psychological processes, and to inspire future research in this area.
Chapter Preview

Introducing Mobile Phishing

The small size, high connectivity and mobility of mobile phones have made them among the most widely used devices in the world. Yet these same factors expose mobile phones to a range of security threats. A recent study by Informa Telecoms (Informa Telecoms, 2009) put mobile malware, such as ComWar and Capir, and phishing at the top of mobile security threats. Ying, Dinglong, Haiyi, and Rau (2007) have summarized possible security attacks on mobile phones as follows:

  1. Virus attacks via either SMS, Bluetooth or Computers.
  2. Spam messages either via advertising or fraud.
  3. Data loss due to loss or theft of mobile devices.
  4.
  5. Internet scam in case of accessing the internet by mobiles.

In fact, both mobile and fixed communications face similar threats: masquerade, eavesdropping, authorization violation, loss or modification of transmitted information, or sabotage (Schiller, 2003). These issues need further investigation in the mobile context because of the widespread use of mobile phones in business. More enterprise employees rely on their mobile devices in general, and on their cellular phones in particular, to run business operations. Yet few of these organizations really protect these devices. According to Muir (2003), less than 10% of mobile devices used by major organizations have serious protection for stored data.
