A paper at recent security conference gets all worried about web-enabled gadgets like phones and games consoles being a haven for phishing scams. They direct people to a fake version of a site where they have a secure account, like a bank, and harvest the details they type in.
The problem is, say researchers at University of California, Davis, that cramming a browser onto a small screen means bits are chopped off. One of the first things to go is the address box that shows the URL you are visiting – the place to check if you want to know if you are being phished.
As well as not displaying full URLs, mobile web surfers are not encouraged to type out addresses in full like on a full-size computer.
That means people are more likely to select links in emails, and less likely to notice that they are not the URL they are expecting, the researchers found.
They suggest browsers should display full URLs, and that another solution would be to change the way phones use the web. Instead of surfing directly, they could go via an intermediary service that screens all the content they access.
Mobile web use is said to be growing fast as devices like the iPhone compete to make it easier – and an increase in phishing is sure to follow. The solutions suggested could certainly work, but I don’t think it will be long before mobile browsers get built-in phishing warnings like conventional browsers do.