SlideShare une entreprise Scribd logo

Avoiding Bad URL's In the Mobile Web

Alliance Data card services - Know More Sell More
Alliance Data card services - Know More Sell More

Malicious URLs pose a threat to mobile users and can be encountered in several ways like through malicious apps, websites, search results, and SMS messages. They can lead to negative consequences like information or account theft, mobile malware infection, or complete device compromise. It is important for mobile users to practice safety by only using official apps, checking app permissions, bookmarking trusted sites, and using mobile security software.

TechnologieBusiness
1  sur  12
Télécharger pour lire hors ligne
A DIGITAL LIFE E-GUIDE AvoidingBadURLs in the Mobile Web
Mobile malware isn’t the only thing you have to worry about every time you use your mobile device to go online. Cybercriminals are stepping up the production and sophistication of their mobile threats. They’re not stopping at just creating malicious apps and putting them where you can easily mistake them for legitimate ones. By using bad URLs that execute malicious routines, cybercriminals also make browsing the web on your mobile device more dangerous. It Doesn’t Stop at Malicious Apps
Malicious URLs come in different forms: •  Malicious domains use keywords related to anything mobile (e.g. Android, mobile, etc.). These domains host mobile malware in the form of .APK files, which are recognized by Android as mobile app installation files. Sometimes these files are advertised as free versions of paid apps, or are automatically downloaded onto your mobile device without your knowledge. •  Malware-tied websites are linked to a mobile malware’s malicious routines. 16.88% of all the malicious and high- risk apps we’ve detected so far connect to bad URLs. These URLs can vary in function. They can serve as a repository of stolen information, host configuration files or malware components, or host malicious ads or adware. •  Mobile phishing websites spoof legitimate login pages. Cybercriminals trick you into giving your login details by relying on the inability of some smartphones to display their phony web pages completely. Mobile phishing is not a new phenomenon by any means, but there is a rise in its incidences. For more information, read our e-guide, Protecting Yourself Against Mobile Phishing. Bad URL Types
Even the most careful mobile user may encounter bad URLs. Here are some example scenarios: •  App installation: Installing apps can make you susceptible to malicious URLs. A Trojanized version of the Bad Piggies app discovered in late 2012 makes a home screen shortcut to the malicious app’s source website upon installation. Opening it leads you to download even more malware onto your device. Candy Crush, a popular puzzle game app, was also recently targeted. Packaged as a ‘cheating’ app for the game itself, it actually pushes ad notifications that could be used as points of entry for malicious URLs. •  App usage: Using fake or Trojanized apps can expose you to malicious URLs. A malicious in-app advertisement or the app itself can link you to a malicious URL. The malicious app we detect as ANDROIDOS_KSAPP.A automatically connects to certain URLs in order to send and receive information. •  Online activities: Making mistakes while typing your target website’s URL on the mobile browser’s address bar could lead you to a spoofed web page. The 2012 holiday season saw banks and other organizations becoming mobile phishing targets, with pages spoofing websites such as Paypal and Amazon. Cybercriminals can also tailor their pages with keywords so their malicious websites will show up in your search results. •  SMS: Receiving and reading SMS messages on your mobile device can make you susceptible to malicious URLs. 419 scams (Nigerian scams) have long been a desktop threat, and its mobile equivalent, SMiShing, made its debut in 2006. Cybercriminals spam you with SMS messages that offer free items such as coupons or gifts. The spam then points you to a URL where you can supposedly find out how to redeem the offered items. The URL may appear to be of a legitimate website’s, but clicking it actually leads to a malicious web page. How You Encounter Them
Becoming a victim of bad URLs can turn your mobile browsing experience awry. Here are some of the things cybercriminals can do: •  Information theft: Cybercriminals can violate your privacy by posting or selling your personal details, SMS or call information, and location. •  Account security compromise: Any online account you access with your mobile device can be compromised. Cybercriminals can use them for malicious purposes, such as draining your bank accounts or leaving you with unexpected bills for products or services you didn’t even purchase. •  Mobile malware infection: Your mobile device could end up being infected with mobile malware hosted by malicious websites. •  Mobile device security compromise: Some mobile malware variants can actually take complete control of your mobile device without your knowledge. Cybercriminals can make calls or send SMS messages without your authorization, as well as subscribe you to premium services. These could result in more unforeseen charges. What Can Happen
Mobile web threats prove that mobile malware protection isn’t enough to be completely safe. Here are some safety practices you should look into: •  Use only official apps. Only download from trusted sources, such as the developer’s website or from Google Play. This reduces the chances of you downloading a malicious app by mistake. •  Always check the permissions of each mobile app you download and install. If the app is asking for your permission to perform certain functions outside of its intended use, uninstall it immediately. An example is a game app asking to make calls or SMS messages in your behalf. •  Bookmark the websites you frequent. If you must use your smartphone’s mobile browser, bookmark the sites you frequent. This decreases the chances of you landing on a phishing site. •  Get a mobile security solution. Powered by the Trend Micro™ Smart Protection Network™, Trend Micro Mobile Security identifies and stops mobile threats before they reach you. It provides a holistic approach to mobile security through its Web Reputation Service engine, which comprehensively classifies URLs and blocks those that are malicious. What You Can Do To Protect Yourself
Copyright ©2013 by Trend Micro, Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro, Incorporated. All other product or company names may be trademarks or registered trademarks of their owners. TRENDLABS TrendLabs is a multinational research, development, and support center with an extensive regional presence committed to 24 x 7 threat surveillance, attack prevention, and timely and seamless solutions delivery. With more than 1,000 threat experts and support engineers deployed round-the-clock in labs located around the globe, TrendLabs enables Trend Micro to continuously monitor the threat landscape across the globe; deliver real-time data to detect, to preempt, and to eliminate threats; research on and analyze technologies to combat new threats; respond in real time to targeted threats; and help customers worldwide minimize damage, reduce costs, and ensure business continuity. TREND MICRO Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cloud security leader, creates a world safe for exchanging digital information with its Internet content security and threat management solutions for businesses and consumers. A pioneer in server security with over 20 years’ experience, we deliver top-ranked client, server and cloud-based security that fits our customers’ and partners’ needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the industry-leading Trend Micro™ Smart Protection Network™ cloud computing security infrastructure, our products and services stop threats where they emerge— from the Internet. They are supported by 1,000+ threat intelligence experts around the globe. LEGAL DISCLAIMER The information provided herein is for general information and educational purposes only. It is not intended and should not be construed to constitute legal advice. The information contained herein may not be applicable in all situations and may not reflect the most current situation. Nothing contained herein should be relied or acted upon without the benefit of legal advice based upon the particular facts and circumstances presented and nothing herein should be construed otherwise. Trend Micro reserves the right to modify the contents of this document at any time without notice. Translations of any materials into other languages are intended solely as a convenience. Translation accuracy is not guaranteed nor implied. If any questions arise related to the accuracy of a translation, please refer to the original language official version of the document. Any discrepancies or differences created in the translation are not binding and have no legal effect for compliance or enforcement purposes. Although Trend Micro uses reasonable efforts to include accurate and up-to-date information herein, Trend Micro makes no warranties or representations of any kind as to its accuracy, currency or completeness. You agree that access to and use of and reliance upon this document and the content thereof is at your own risk. Trend Micro disclaims all warranties of any kind, express or implied. Neither Trend Micro nor any party involved in creating, producing or delivering this document shall be liable for any consequences, losses, or damages, including direct, indirect, special, consequential, loss of business profits or special damages, whatsoever arising out of access to, use of or inability to use, or in connection with the use of this document, or any errors or omissions in the content thereof. Use of this information constitutes acceptance for use in an “as is” condition.

Recommandé

Cybersecurity Awareness Infographics
Cybersecurity Awareness InfographicsCybersecurity Awareness Infographics
Cybersecurity Awareness InfographicsNetLockSmith
 
Holiday scams
Holiday scamsHoliday scams
Holiday scamsWilliam Mann
 
Smartphone 7 aug14
Smartphone 7 aug14Smartphone 7 aug14
Smartphone 7 aug14Naval OPSEC
 
Protecting Yourself Against Mobile Phishing
Protecting Yourself Against Mobile PhishingProtecting Yourself Against Mobile Phishing
Protecting Yourself Against Mobile PhishingAlliance Data card services - Know More Sell More
 
Symantec Report On Rogue Security Software
Symantec Report On Rogue Security SoftwareSymantec Report On Rogue Security Software
Symantec Report On Rogue Security SoftwareSymantec
 
Smartphone Smart Card 061013
Smartphone Smart Card 061013Smartphone Smart Card 061013
Smartphone Smart Card 061013McAlester Army Ammunition Plant
 
CDSE Cybsecurity Awareness Posters
CDSE Cybsecurity Awareness PostersCDSE Cybsecurity Awareness Posters
CDSE Cybsecurity Awareness PostersNetLockSmith
 
Top Cyber Threats of 2009
Top Cyber Threats of 2009Top Cyber Threats of 2009
Top Cyber Threats of 2009Symantec
 

Recommandé

Cybersecurity Awareness Infographics
Cybersecurity Awareness InfographicsCybersecurity Awareness Infographics
Cybersecurity Awareness InfographicsNetLockSmith
 
Holiday scams
Holiday scamsHoliday scams
Holiday scamsWilliam Mann
 
Smartphone 7 aug14
Smartphone 7 aug14Smartphone 7 aug14
Smartphone 7 aug14Naval OPSEC
 
Protecting Yourself Against Mobile Phishing
Protecting Yourself Against Mobile PhishingProtecting Yourself Against Mobile Phishing
Protecting Yourself Against Mobile PhishingAlliance Data card services - Know More Sell More
 
Symantec Report On Rogue Security Software
Symantec Report On Rogue Security SoftwareSymantec Report On Rogue Security Software
Symantec Report On Rogue Security SoftwareSymantec
 
Smartphone Smart Card 061013
Smartphone Smart Card 061013Smartphone Smart Card 061013
Smartphone Smart Card 061013McAlester Army Ammunition Plant
 
CDSE Cybsecurity Awareness Posters
CDSE Cybsecurity Awareness PostersCDSE Cybsecurity Awareness Posters
CDSE Cybsecurity Awareness PostersNetLockSmith
 
Top Cyber Threats of 2009
Top Cyber Threats of 2009Top Cyber Threats of 2009
Top Cyber Threats of 2009Symantec
 
Smartphone
SmartphoneSmartphone
SmartphoneNaval OPSEC
 
Dos and Don'ts of Internet Security
Dos and Don'ts of Internet SecurityDos and Don'ts of Internet Security
Dos and Don'ts of Internet SecurityQuick Heal Technologies Ltd.
 
Phishing ppt
Phishing pptPhishing ppt
Phishing pptSanjay Kumar
 
Phishing Incident Response Playbook
Phishing Incident Response PlaybookPhishing Incident Response Playbook
Phishing Incident Response PlaybookNaushad CEH, CHFI, MTA, ITIL
 
Securing home wifi 16 mar15
Securing home wifi 16 mar15Securing home wifi 16 mar15
Securing home wifi 16 mar15Naval OPSEC
 
Phishing scams in banking ppt
Phishing scams in banking pptPhishing scams in banking ppt
Phishing scams in banking pptKrishma Sandesra
 
Phishing
PhishingPhishing
PhishingSaurabhKantSahu1
 
Phishing ppt
Phishing pptPhishing ppt
Phishing pptshindept123
 
Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasuresJorge Sebastiao
 
2012 nq mobile_security_report
2012 nq mobile_security_report2012 nq mobile_security_report
2012 nq mobile_security_reportIsnur Rochmad
 
Enabling a Zero Trust strategy for SMS
Enabling a Zero Trust strategy for SMSEnabling a Zero Trust strategy for SMS
Enabling a Zero Trust strategy for SMSPaul Walsh
 
Traveling safely with smartphones 16 jun14
Traveling safely with smartphones 16 jun14Traveling safely with smartphones 16 jun14
Traveling safely with smartphones 16 jun14Naval OPSEC
 
A presentation on Phishing
A presentation on PhishingA presentation on Phishing
A presentation on PhishingCreative Technology
 
Top 15 security predictions for 2017
Top 15 security predictions for 2017Top 15 security predictions for 2017
Top 15 security predictions for 2017Accelerate Tech
 
Phishing ppt
Phishing pptPhishing ppt
Phishing pptshindept123
 
Phishing Attacks
Phishing AttacksPhishing Attacks
Phishing AttacksJagan Mohan
 
Phishing exposed
Phishing exposedPhishing exposed
Phishing exposedtamfin
 
Email Security Threats: IT Manager's Eyes Only
Email Security Threats: IT Manager's Eyes Only Email Security Threats: IT Manager's Eyes Only
Email Security Threats: IT Manager's Eyes Only Topsec Technology
 
Phishing Attack : A big Threat
Phishing Attack : A big ThreatPhishing Attack : A big Threat
Phishing Attack : A big Threatsourav newatia
 
Evolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaEvolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaAnjoum .
 
Unmasking Scam Websites: Ways to Safe Surfing
Unmasking Scam Websites: Ways to Safe SurfingUnmasking Scam Websites: Ways to Safe Surfing
Unmasking Scam Websites: Ways to Safe SurfingSoftwareDeals
 
How to Build Secure Mobile Apps.pdf
How to Build Secure Mobile Apps.pdfHow to Build Secure Mobile Apps.pdf
How to Build Secure Mobile Apps.pdfvenkatprasadvadla1
 

Contenu connexe

Tendances

Securing home wifi 16 mar15
Securing home wifi 16 mar15Securing home wifi 16 mar15
Securing home wifi 16 mar15Naval OPSEC
 
Phishing scams in banking ppt
Phishing scams in banking pptPhishing scams in banking ppt
Phishing scams in banking pptKrishma Sandesra
 
Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasuresJorge Sebastiao
 
2012 nq mobile_security_report
2012 nq mobile_security_report2012 nq mobile_security_report
2012 nq mobile_security_reportIsnur Rochmad
 
Enabling a Zero Trust strategy for SMS
Enabling a Zero Trust strategy for SMSEnabling a Zero Trust strategy for SMS
Enabling a Zero Trust strategy for SMSPaul Walsh
 
Traveling safely with smartphones 16 jun14
Traveling safely with smartphones 16 jun14Traveling safely with smartphones 16 jun14
Traveling safely with smartphones 16 jun14Naval OPSEC
 
Top 15 security predictions for 2017
Top 15 security predictions for 2017Top 15 security predictions for 2017
Top 15 security predictions for 2017Accelerate Tech
 
Phishing Attacks
Phishing AttacksPhishing Attacks
Phishing AttacksJagan Mohan
 
Phishing exposed
Phishing exposedPhishing exposed
Phishing exposedtamfin
 
Email Security Threats: IT Manager's Eyes Only
Email Security Threats: IT Manager's Eyes Only Email Security Threats: IT Manager's Eyes Only
Email Security Threats: IT Manager's Eyes Only Topsec Technology
 
Phishing Attack : A big Threat
Phishing Attack : A big ThreatPhishing Attack : A big Threat
Phishing Attack : A big Threatsourav newatia
 
Evolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaEvolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaAnjoum .
 

Tendances (20)

Smartphone
SmartphoneSmartphone
Smartphone
 
Dos and Don'ts of Internet Security
Dos and Don'ts of Internet SecurityDos and Don'ts of Internet Security
Dos and Don'ts of Internet Security
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
Phishing Incident Response Playbook
Phishing Incident Response PlaybookPhishing Incident Response Playbook
Phishing Incident Response Playbook
 
Securing home wifi 16 mar15
Securing home wifi 16 mar15Securing home wifi 16 mar15
Securing home wifi 16 mar15
 
Phishing scams in banking ppt
Phishing scams in banking pptPhishing scams in banking ppt
Phishing scams in banking ppt
 
Phishing
PhishingPhishing
Phishing
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasures
 
2012 nq mobile_security_report
2012 nq mobile_security_report2012 nq mobile_security_report
2012 nq mobile_security_report
 
Enabling a Zero Trust strategy for SMS
Enabling a Zero Trust strategy for SMSEnabling a Zero Trust strategy for SMS
Enabling a Zero Trust strategy for SMS
 
Traveling safely with smartphones 16 jun14
Traveling safely with smartphones 16 jun14Traveling safely with smartphones 16 jun14
Traveling safely with smartphones 16 jun14
 
A presentation on Phishing
A presentation on PhishingA presentation on Phishing
A presentation on Phishing
 
Top 15 security predictions for 2017
Top 15 security predictions for 2017Top 15 security predictions for 2017
Top 15 security predictions for 2017
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
Phishing Attacks
Phishing AttacksPhishing Attacks
Phishing Attacks
 
Phishing exposed
Phishing exposedPhishing exposed
Phishing exposed
 
Email Security Threats: IT Manager's Eyes Only
Email Security Threats: IT Manager's Eyes Only Email Security Threats: IT Manager's Eyes Only
Email Security Threats: IT Manager's Eyes Only
 
Phishing Attack : A big Threat
Phishing Attack : A big ThreatPhishing Attack : A big Threat
Phishing Attack : A big Threat
 
Evolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaEvolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wandera
 

Similaire à Avoiding Bad URL's In the Mobile Web

Unmasking Scam Websites: Ways to Safe Surfing
Unmasking Scam Websites: Ways to Safe SurfingUnmasking Scam Websites: Ways to Safe Surfing
Unmasking Scam Websites: Ways to Safe SurfingSoftwareDeals
 
How to Build Secure Mobile Apps.pdf
How to Build Secure Mobile Apps.pdfHow to Build Secure Mobile Apps.pdf
How to Build Secure Mobile Apps.pdfvenkatprasadvadla1
 
Top Practices You Need To Develop Secure Mobile Apps.
Top Practices You Need To Develop Secure Mobile Apps.Top Practices You Need To Develop Secure Mobile Apps.
Top Practices You Need To Develop Secure Mobile Apps.Techugo
 
Mobile App Security Protecting Your App from Cyber Threats.edited.docx
Mobile App Security Protecting Your App from Cyber Threats.edited.docxMobile App Security Protecting Your App from Cyber Threats.edited.docx
Mobile App Security Protecting Your App from Cyber Threats.edited.docxmadhuri871014
 
Mobile Threat Management
Mobile Threat ManagementMobile Threat Management
Mobile Threat ManagementKillian Delaney
 
Tips To Protect Your Mobile App from Hackers.pdf
Tips To Protect Your Mobile App from Hackers.pdfTips To Protect Your Mobile App from Hackers.pdf
Tips To Protect Your Mobile App from Hackers.pdfFuGenx Technologies
 
Malware Applications Development.pptx
Malware Applications Development.pptxMalware Applications Development.pptx
Malware Applications Development.pptxFullstackSRM
 
The 10 Commandments Security Of Mobile App Development
The 10 Commandments Security Of Mobile App DevelopmentThe 10 Commandments Security Of Mobile App Development
The 10 Commandments Security Of Mobile App DevelopmentMobio Solutions
 
Challenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityChallenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityCygnet Infotech
 
Are Mobile Banking Apps Safe?
Are Mobile Banking Apps Safe?Are Mobile Banking Apps Safe?
Are Mobile Banking Apps Safe?VISTA InfoSec
 
How to Secure Your Mobile Commerce App.pdf
How to Secure Your Mobile Commerce App.pdfHow to Secure Your Mobile Commerce App.pdf
How to Secure Your Mobile Commerce App.pdfOZONESOFT Solutions
 
Cybersecurity Awareness E-book by Propelled Technologies
Cybersecurity Awareness E-book by Propelled Technologies Cybersecurity Awareness E-book by Propelled Technologies
Cybersecurity Awareness E-book by Propelled Technologies Anwar CHFI, SSCP, ITIL
 
7 Steps to Boosting Your App Security in 2022
7 Steps to Boosting Your App Security in 20227 Steps to Boosting Your App Security in 2022
7 Steps to Boosting Your App Security in 2022Cerebrum Infotech
 
Cyber security tips in Banking in Nepal
Cyber security tips in Banking in NepalCyber security tips in Banking in Nepal
Cyber security tips in Banking in NepalResham Acharya
 
ISACA CACS 2012 - Mobile Device Security and Privacy
ISACA CACS 2012 - Mobile Device Security and PrivacyISACA CACS 2012 - Mobile Device Security and Privacy
ISACA CACS 2012 - Mobile Device Security and PrivacyMichael Davis
 
Blue Coat 2013 Systems Mobile Malware Report
Blue Coat 2013 Systems Mobile Malware ReportBlue Coat 2013 Systems Mobile Malware Report
Blue Coat 2013 Systems Mobile Malware ReportContent Rules, Inc.
 
The Importance of Mobile App Security
The Importance of Mobile App SecurityThe Importance of Mobile App Security
The Importance of Mobile App SecurityOprim Solutions
 
Relentless Mobile Threats to Avoid
Relentless Mobile Threats to AvoidRelentless Mobile Threats to Avoid
Relentless Mobile Threats to AvoidLookout
 

Similaire à Avoiding Bad URL's In the Mobile Web (20)

Unmasking Scam Websites: Ways to Safe Surfing
Unmasking Scam Websites: Ways to Safe SurfingUnmasking Scam Websites: Ways to Safe Surfing
Unmasking Scam Websites: Ways to Safe Surfing
 
How to Build Secure Mobile Apps.pdf
How to Build Secure Mobile Apps.pdfHow to Build Secure Mobile Apps.pdf
How to Build Secure Mobile Apps.pdf
 
W verb68
W verb68W verb68
W verb68
 
Top Practices You Need To Develop Secure Mobile Apps.
Top Practices You Need To Develop Secure Mobile Apps.Top Practices You Need To Develop Secure Mobile Apps.
Top Practices You Need To Develop Secure Mobile Apps.
 
Mobile App Security Protecting Your App from Cyber Threats.edited.docx
Mobile App Security Protecting Your App from Cyber Threats.edited.docxMobile App Security Protecting Your App from Cyber Threats.edited.docx
Mobile App Security Protecting Your App from Cyber Threats.edited.docx
 
Mobile Threat Management
Mobile Threat ManagementMobile Threat Management
Mobile Threat Management
 
Tips To Protect Your Mobile App from Hackers.pdf
Tips To Protect Your Mobile App from Hackers.pdfTips To Protect Your Mobile App from Hackers.pdf
Tips To Protect Your Mobile App from Hackers.pdf
 
Malware Applications Development.pptx
Malware Applications Development.pptxMalware Applications Development.pptx
Malware Applications Development.pptx
 
The 10 Commandments Security Of Mobile App Development
The 10 Commandments Security Of Mobile App DevelopmentThe 10 Commandments Security Of Mobile App Development
The 10 Commandments Security Of Mobile App Development
 
Keeping Your Cloud Data in Check
Keeping Your Cloud Data in CheckKeeping Your Cloud Data in Check
Keeping Your Cloud Data in Check
 
Challenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityChallenges in Testing Mobile App Security
Challenges in Testing Mobile App Security
 
Are Mobile Banking Apps Safe?
Are Mobile Banking Apps Safe?Are Mobile Banking Apps Safe?
Are Mobile Banking Apps Safe?
 
How to Secure Your Mobile Commerce App.pdf
How to Secure Your Mobile Commerce App.pdfHow to Secure Your Mobile Commerce App.pdf
How to Secure Your Mobile Commerce App.pdf
 
Cybersecurity Awareness E-book by Propelled Technologies
Cybersecurity Awareness E-book by Propelled Technologies Cybersecurity Awareness E-book by Propelled Technologies
Cybersecurity Awareness E-book by Propelled Technologies
 
7 Steps to Boosting Your App Security in 2022
7 Steps to Boosting Your App Security in 20227 Steps to Boosting Your App Security in 2022
7 Steps to Boosting Your App Security in 2022
 
Cyber security tips in Banking in Nepal
Cyber security tips in Banking in NepalCyber security tips in Banking in Nepal
Cyber security tips in Banking in Nepal
 
ISACA CACS 2012 - Mobile Device Security and Privacy
ISACA CACS 2012 - Mobile Device Security and PrivacyISACA CACS 2012 - Mobile Device Security and Privacy
ISACA CACS 2012 - Mobile Device Security and Privacy
 
Blue Coat 2013 Systems Mobile Malware Report
Blue Coat 2013 Systems Mobile Malware ReportBlue Coat 2013 Systems Mobile Malware Report
Blue Coat 2013 Systems Mobile Malware Report
 
The Importance of Mobile App Security
The Importance of Mobile App SecurityThe Importance of Mobile App Security
The Importance of Mobile App Security
 
Relentless Mobile Threats to Avoid
Relentless Mobile Threats to AvoidRelentless Mobile Threats to Avoid
Relentless Mobile Threats to Avoid
 

Dernier

Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusZilliz
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 

Dernier (20)

Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 

Avoiding Bad URL's In the Mobile Web

  • 1. A DIGITAL LIFE E-GUIDE AvoidingBadURLs in the Mobile Web
  • 2.
  • 3. Mobile malware isn’t the only thing you have to worry about every time you use your mobile device to go online. Cybercriminals are stepping up the production and sophistication of their mobile threats. They’re not stopping at just creating malicious apps and putting them where you can easily mistake them for legitimate ones. By using bad URLs that execute malicious routines, cybercriminals also make browsing the web on your mobile device more dangerous. It Doesn’t Stop at Malicious Apps
  • 4. Malicious URLs come in different forms: •  Malicious domains use keywords related to anything mobile (e.g. Android, mobile, etc.). These domains host mobile malware in the form of .APK files, which are recognized by Android as mobile app installation files. Sometimes these files are advertised as free versions of paid apps, or are automatically downloaded onto your mobile device without your knowledge. •  Malware-tied websites are linked to a mobile malware’s malicious routines. 16.88% of all the malicious and high- risk apps we’ve detected so far connect to bad URLs. These URLs can vary in function. They can serve as a repository of stolen information, host configuration files or malware components, or host malicious ads or adware. •  Mobile phishing websites spoof legitimate login pages. Cybercriminals trick you into giving your login details by relying on the inability of some smartphones to display their phony web pages completely. Mobile phishing is not a new phenomenon by any means, but there is a rise in its incidences. For more information, read our e-guide, Protecting Yourself Against Mobile Phishing. Bad URL Types
  • 5.
  • 6.
  • 7. Even the most careful mobile user may encounter bad URLs. Here are some example scenarios: •  App installation: Installing apps can make you susceptible to malicious URLs. A Trojanized version of the Bad Piggies app discovered in late 2012 makes a home screen shortcut to the malicious app’s source website upon installation. Opening it leads you to download even more malware onto your device. Candy Crush, a popular puzzle game app, was also recently targeted. Packaged as a ‘cheating’ app for the game itself, it actually pushes ad notifications that could be used as points of entry for malicious URLs. •  App usage: Using fake or Trojanized apps can expose you to malicious URLs. A malicious in-app advertisement or the app itself can link you to a malicious URL. The malicious app we detect as ANDROIDOS_KSAPP.A automatically connects to certain URLs in order to send and receive information. •  Online activities: Making mistakes while typing your target website’s URL on the mobile browser’s address bar could lead you to a spoofed web page. The 2012 holiday season saw banks and other organizations becoming mobile phishing targets, with pages spoofing websites such as Paypal and Amazon. Cybercriminals can also tailor their pages with keywords so their malicious websites will show up in your search results. •  SMS: Receiving and reading SMS messages on your mobile device can make you susceptible to malicious URLs. 419 scams (Nigerian scams) have long been a desktop threat, and its mobile equivalent, SMiShing, made its debut in 2006. Cybercriminals spam you with SMS messages that offer free items such as coupons or gifts. The spam then points you to a URL where you can supposedly find out how to redeem the offered items. The URL may appear to be of a legitimate website’s, but clicking it actually leads to a malicious web page. How You Encounter Them
  • 8. Becoming a victim of bad URLs can turn your mobile browsing experience awry. Here are some of the things cybercriminals can do: •  Information theft: Cybercriminals can violate your privacy by posting or selling your personal details, SMS or call information, and location. •  Account security compromise: Any online account you access with your mobile device can be compromised. Cybercriminals can use them for malicious purposes, such as draining your bank accounts or leaving you with unexpected bills for products or services you didn’t even purchase. •  Mobile malware infection: Your mobile device could end up being infected with mobile malware hosted by malicious websites. •  Mobile device security compromise: Some mobile malware variants can actually take complete control of your mobile device without your knowledge. Cybercriminals can make calls or send SMS messages without your authorization, as well as subscribe you to premium services. These could result in more unforeseen charges. What Can Happen
  • 9.
  • 10. Mobile web threats prove that mobile malware protection isn’t enough to be completely safe. Here are some safety practices you should look into: •  Use only official apps. Only download from trusted sources, such as the developer’s website or from Google Play. This reduces the chances of you downloading a malicious app by mistake. •  Always check the permissions of each mobile app you download and install. If the app is asking for your permission to perform certain functions outside of its intended use, uninstall it immediately. An example is a game app asking to make calls or SMS messages in your behalf. •  Bookmark the websites you frequent. If you must use your smartphone’s mobile browser, bookmark the sites you frequent. This decreases the chances of you landing on a phishing site. •  Get a mobile security solution. Powered by the Trend Micro™ Smart Protection Network™, Trend Micro Mobile Security identifies and stops mobile threats before they reach you. It provides a holistic approach to mobile security through its Web Reputation Service engine, which comprehensively classifies URLs and blocks those that are malicious. What You Can Do To Protect Yourself
  • 11.
  • 12. Copyright ©2013 by Trend Micro, Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro, Incorporated. All other product or company names may be trademarks or registered trademarks of their owners. TRENDLABS TrendLabs is a multinational research, development, and support center with an extensive regional presence committed to 24 x 7 threat surveillance, attack prevention, and timely and seamless solutions delivery. With more than 1,000 threat experts and support engineers deployed round-the-clock in labs located around the globe, TrendLabs enables Trend Micro to continuously monitor the threat landscape across the globe; deliver real-time data to detect, to preempt, and to eliminate threats; research on and analyze technologies to combat new threats; respond in real time to targeted threats; and help customers worldwide minimize damage, reduce costs, and ensure business continuity. TREND MICRO Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cloud security leader, creates a world safe for exchanging digital information with its Internet content security and threat management solutions for businesses and consumers. A pioneer in server security with over 20 years’ experience, we deliver top-ranked client, server and cloud-based security that fits our customers’ and partners’ needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the industry-leading Trend Micro™ Smart Protection Network™ cloud computing security infrastructure, our products and services stop threats where they emerge— from the Internet. They are supported by 1,000+ threat intelligence experts around the globe. LEGAL DISCLAIMER The information provided herein is for general information and educational purposes only. It is not intended and should not be construed to constitute legal advice. The information contained herein may not be applicable in all situations and may not reflect the most current situation. Nothing contained herein should be relied or acted upon without the benefit of legal advice based upon the particular facts and circumstances presented and nothing herein should be construed otherwise. Trend Micro reserves the right to modify the contents of this document at any time without notice. Translations of any materials into other languages are intended solely as a convenience. Translation accuracy is not guaranteed nor implied. If any questions arise related to the accuracy of a translation, please refer to the original language official version of the document. Any discrepancies or differences created in the translation are not binding and have no legal effect for compliance or enforcement purposes. Although Trend Micro uses reasonable efforts to include accurate and up-to-date information herein, Trend Micro makes no warranties or representations of any kind as to its accuracy, currency or completeness. You agree that access to and use of and reliance upon this document and the content thereof is at your own risk. Trend Micro disclaims all warranties of any kind, express or implied. Neither Trend Micro nor any party involved in creating, producing or delivering this document shall be liable for any consequences, losses, or damages, including direct, indirect, special, consequential, loss of business profits or special damages, whatsoever arising out of access to, use of or inability to use, or in connection with the use of this document, or any errors or omissions in the content thereof. Use of this information constitutes acceptance for use in an “as is” condition.