Mobile Phishing (aka MobPhishing)
Attack Pattern ID: 164 (Standard Attack Pattern Completeness: Stub)Typical Severity: HighStatus: Draft
+ Description


An attacker targets mobile phone users with a phishing attack for the purpose of soliciting account passwords or sensitive information from the user. Mobile Phishing is a variation on the Phishing social engineering technique where the attack is initiated via mobile texting rather than email. The user is enticed to provide information or go to a compromised web site via a text message. Apart from the manner in which the attack is initiated, the attack proceeds as a standard Phishing attack.

+ Attack Prerequisites

Attacker needs mobile phone numbers to initiate the connection. The attacker must guess an area of interest for the mobile user to entice them to follow the link provided in the text message. The attacker must have a replicated web site as in a normal Phishing attack.

+ Resources Required

Either mobile phone or access to a web resource that allows text messages to be sent to mobile phones. Resources needed for regular Phishing attack.

+ Related Attack Patterns
NatureTypeIDNameDescriptionView(s) this relationship pertains toView\(s\)
ChildOfAttack PatternAttack Pattern98Phishing 
Mechanism of Attack (primary)1000