NEWS FROM THE LAB - Tuesday, May 24, 2011

Look Carefully at the Web Address
Posted by Mikko @ 12:38 GMT

What a stupid phishing site.

This site goes to great lengths to make sure you double-check that the URL you're on is accounts.craigslist.org.

And it isn't.

[Image: Craigslist phishing]

This has got to be one of the stupidest phishing attacks I've ever seen.

Nobody will ever fall for that.

Except they will.

You see, people aren't reading e-mail on their computers any more. They are reading it on their phones. So they'll receive the phishing scam e-mails on their phone and they'll open the scam sites on their phones.

Let's have a look at what the site looks like on iPhone, Android and Nokia devices.

[Image: craigslist scam iphone]

[Image: craigslist scam android]

[Image: craigslist scam nokia e72]

Now it isn't very obvious any more. (And it's particularly well formatted for iPhone…)

As you can see, the small screen real estate on smartphones makes phishing easier.

Combine this with the fact that most smartphones have no phishing e-mail filters and no web blocking of scam sites, and we can only come up with one result: phishing works much better on phones than on PCs.

This is why our Mobile Security product blocks bad sites.

Here's what it looks like when you try to access the same site with a phone running our product.

[Image: F-Secure Mobile Security in action]

We have reported the phishing website and it should be taken down soon.