Oct 24 2018

Phishing on the Phone

Phishing is an ever-present problem that we must contend with.

When most think of phishing attacks, thoughts immediately turn to emails that try to get us to click. But phishing is not just an email-based attack. We are seeing phishing conducted through search results and even Google ads. These can be especially problematic when users are searching from their smart phones.

Why would searching from your smart phone be bad? With a smaller screen, you may see less information than on your computer. It means the phishing links don’t need to be as convincing to get you to click, or you may even just click accidentally. A colleague recently shared his own experience, searching for airline information from his phone. The top hits he received were not sending him to the specific airline or aggregated travel sites, but he received options for numerous questionable sites that didn’t correlate correctly. Someone less savvy may have clicked the links or called the phishing numbers and not realized their mistake until the damage had been done.

What does this mean for you? As always, we must be constantly aware of your surroundings, both in real life and in cyber space. More and more, those top few hits from your Google search are paid for, and not always by the nicest people. Inspect the search results and be certain the link or number you are clicking appears to be legitimate. Make sure the result actually matches what you searched for. If you searched for “Alaska Airlines” make sure the link is for that, not just one pushing “flights to Alaska.” It’s important for us to inspect before we click – just because it came up in our Google search results does not mean it’s safe to click.

The search engines try to mitigate this, but it’s getting harder to filter out the malicious ads. Once again, it’s up to the human.