The information provided on this website does not, and is not intended to, act as legal, financial or credit advice; instead, it is for general informational purposes only. Information on this website may not be current. This website may contain links to other third-party websites. Such links are only for the convenience of the reader, user or browser; we do not recommend or endorse the contents of any third-party sites. Readers of this website should contact their attorney, accountant or credit counselor to obtain advice with respect to their particular situation. No reader, user, or browser of this site should act or not act on the basis of information on this site. Always seek personal legal, financial or credit advice for your relevant jurisdiction. Only your individual attorney or advisor can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client or fiduciary relationship between the reader, user, or browser and website owner, authors, contributors, contributing firms, or their respective employers.
Credit.com receives compensation for the financial products and services advertised on this site if our users apply for and sign up for any of them. Compensation is not a factor in the substantive evaluation of any product.
Most of us don’t think twice about opening and maintaining multiple free email accounts where we live out our digital lives. And we’re getting more and more comfortable by the day at downloading and using mobile apps.
Yet those behaviors can harm us. ThirdCertainty sat down with David Duncan, chief marketing officer for threat intelligence and security company Webroot, to discuss how cybercriminals are hustling to take advantage of our love of free Web mail services and nifty mobile apps.
3C: Phishing attacks leveraging our love of Google, Apple, Yahoo, Facebook and Dropbox are skyrocketing. How come?
Duncan: There are 10 times more phishing attacks based on emulating tech companies than financial firms. You’d think it would be the other way around, but it’s not. The focus is on stealing information from your various email accounts because it’s easier to spoof people into acting on something that appears to come from Google or Apple than from Bank of America or Citibank.
3C: Because we’re less suspicious of Google and Apple than big banks?
Duncan: Yes. Phishers prey on the fact that we see those brands as trustworthy brands.
3C: What ruses should folks watch out for?
Duncan: It’s the typical ones. You’ll get something advising you of the need to change your password or share your contacts. They’ll send you a link to click. A certain percentage of gullible users will click on the link and follow instructions to give up their credentials.
I can’t say I know of any specific new strategies other than the fact that the focus is on impersonating big domains like Google and Yahoo because people don’t think too much about something that appears to be coming from those trusted sources.
3C: Is there really a one-in-three chance the average person will fall for a phishing scam?
Duncan: Yes, there is a 30% chance of Internet users falling for a zero-day phishing attack over the course of the year. It used to be about one out of every seven phishing emails actually got through. But we’re human beings, which means we’re gullible.
3C: What about mobile apps? What’s the risk there?
Duncan: A year ago, we tracked about 8 million mobile apps, and around 75% were trustworthy and 10% were benign. So 15% were malicious or suspicious. Now we’re classifying 15 million mobile apps, and we’re finding 35% to 40% are suspicious or malicious in character.
3C: That’s a pretty significant change.
Duncan: People don’t think of installing an app on their mobile device as installing a potentially unwanted application that’s being delivered from an untrustworthy app store.
3C: So is this mostly an Android exposure?
Duncan: Probably 90% is Android, maybe 10% is iOS. Apple has a more secured kind of walled guard for verifying and authenticating the source of applications. But it also depends on what users are accustomed to. If you go over to certain geographies in the world, people may not necessarily always go to the iTunes store. There are a lot of third-party websites where even iOS apps are cheaper or they’re free.
Image: iStock
October 19, 2023
Identity Theft and Scams
May 17, 2022
Identity Theft and Scams
May 20, 2021
Identity Theft and Scams