SMiShing

David Rayhawk, senior researcher at McAfee Avert Labs, explains how SMiShing works in a blog post entitled 'SMiShing - an emerging threat vector:'
"Some cell phone users have started receiving SMS messages along these lines: 'We're confirming you've signed up for our dating service. You will be charged $2/day unless you cancel your order: www.smishinglink.com.' (This is an example and was not a real url at the time of writing)This phenomena, which we at McAfee Avert Labs are dubbing "SMiShing" (phishing via SMS), is yet another indicator that cell phones and mobile devices are becoming increasingly used by perpetrators of malware, viruses and scams.

While some might recognize this as a scam, many unsuspecting users would not. Fearful of incurring premium rates on their cell phone bill, they visit the Web site highlighted in the message. Once they arrive at the URL, they are prompted to download a program which is actually a Trojan horse that turns the computer into a zombie, allowing it to be controlled by hackers. The computer then becomes part of a bot network, which can then be used to launch denial of service attacks, install keylogging software and steal personal account information and other malicious activities. Because monitoring botnet activity is complex, it is challeging to know the current scope of the problem."

Mobile phones and devices and the wireless networks they connect to often lack effective security mechanisms. As a result, mobile devices are becoming an increasingly frequent target of attack. Rayhawk predicts that threats to cell phones and other mobile devices will become as common as those targeting the PC and that SMiShing attempts could eventually outnumber malware-laden e-mail messages. Furthermore, because users often forward messages to their personal computers, they may put their PCs and networks at risk as well.

According Daniel Taylor, managing director of the Mobile Enterprise Alliance, best practices for mobile device security management should include:

• Policies that help to address phishing.
• Security software to address viruses and other malware.
• A way to use over-the-air updates to re-image devices and recover data.

Users are advised to be as vigilant about security for their mobile devices as they are for desktop computers.

Learn more about Mobile Device Security

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

More resources from around the web: - See the rest of David Rayhawk's blog post: 'SMiShing - an emerging threat vector.' - SearchMobileComputing.com reports that 'SMS phishing is here.'

FILE EXTENSION AND FILE FORMAT LIST File Extension and File Format List: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #

RELATED CONTENT Fingerprint recognition and mobile security Fingerprint recognition technology for mobile devices is posed to become the preferred user authentication solution mobile device security. Traditional security threats coming soon to mobile device near you Browser exploits, botnets and more will soon be coming to mobile devices, according to a report from the Georgia Tech Information Security Center. Securing your Windows Mobile devices With System Center Mobile Device Manager, Microsoft provides an easy-to-use security solution for enterprises that use Windows Mobile devices.

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary mobile VPN  (SearchMobileComputing.com) A mobile VPN is a networking configuration that enables mobile devices such as notebook computers or personal digital assistants (PDAs) to access a... real-time location system (RTLS)  (SearchMobileComputing.com) A real-time location system (RTLS) is one of a number of technologies used to pinpoint the current geographic position and location of a target.