Internet security company Trusteer has managed to get access to the log files of Web servers that hosted phishing Websites. Their conclusion? Cell phone users are idiots compared to their desktop computing counterparts. Well, they don't say it as bluntly as that, but their data is damning.
Cell phone users are three times more likely than users of desktop computers to offer up confidential login details to a phishing site, and they are also quicker to respond to phishing scams.
Rather controversially, Trusteer claims iPhone users are the most foolish of all, accessing phishing Websites more than BlackBerry users by a factor of eight. This is especially galling bearing in mind BlackBerry is still a market leader in the US, with 36 percent of the smarphone market in October 2010 compared to the iPhone's 25 percent. In other words, iPhone users appear to be making extra special efforts to be dumb.
Trusteer suggests that the prompt response might be down to the fact that phones are "always on," and likely to be accessed more frequently and casually than traditional desktop or laptop computers. The speed of the response is of major importance to phishing sites because they're often taken offline quickly once the ruse is spotted.
However, adding to the woes might be push e-mail, where in messages are delivered to phones and an alarm noise sound, prompting the user into action. It can be hard to ignore an e-mail on a cell phone.
As for why phone users are three times more likely to hand over their information, it's anybody's guess. Trusteer suggest it's because small mobile phone screens make it difficult to glean all the necessary information from an e-mail; the "from" field may be shortened to just the claimed name, for example, rather than showing the full and fraudulent address.
However, we might also guess that phones compact and alter the layout of the e-mail and fraudulent website so that it becomes hard to detect any irregularities. Viewing a whole e-mail might reveal telltale spelling or grammar errors, but a phone user is likely to read the first few lines without bothering to scroll down to the rest, and respond to the link quickly. Additionally, a fraudulent Website might look different to the official site, but on a mobile phone screen this might be harder to detect.
Another issue could be that smartphone users believe themselves immune to malware that affects desktops and laptops. Despite prognostications for many years, viruses and malware on smartphones are still relatively rare, and most users are aware that Windows viruses will not affect them.
The solution to these issues is user education. However, you're not alone if you're left wondering why mobile phone browsers don't have the same security features built into desktop browsers like Firefox or Google Chrome, both which have phishing detection for some time now.
Keir Thomas has been writing about computing since the last century, and more recently has written several best-selling books. You can learn more about him at http://keirthomas.com and his Twitter feed is @keirthomas .