Phishing on Mobile Devices
The authors assess the risk of phishing on mobile platforms. Mobile operating systems and browsers lack secure application iden-tity indicators, so the user cannot always identify whether a link has taken her to the expected application. They conduct a systematic analysis of ways in which mobile applications and web sites link to each other. To evaluate the risk, they study 85 web sites and 100 mobile applications and discover that web sites and applications regularly ask users to type their passwords into contexts that are vulnerable to spoofing.