This report presents a comprehensive study on mobile phishing attacks, focusing on web page, application, and account registry phishing. The authors highlight the vulnerabilities of mobile devices and user habits that make them susceptible to these attacks. The core of the report introduces MobiFish, a novel automated and lightweight anti-phishing scheme designed for mobile platforms. MobiFish validates the identity of web pages, applications, and accounts by comparing claimed and actual identities, leveraging optical character recognition (OCR) technology to extract text from login interfaces. The authors implemented MobiFish on an Android smartphone and conducted experiments using phishing and legitimate URLs and apps, demonstrating its effectiveness in detecting phishing attacks. The report emphasizes the limitations of existing PC-based anti-phishing schemes and the need for specialized defense mechanisms for mobile platforms, including the novel account registry phishing attacks. The MobiFish scheme addresses the problem of identity masquerade without relying on HTML source code or machine learning techniques, making it a practical and efficient solution for mobile security.
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
