People enjoy the convenience of their mobile device to read e-mail, check account balances, and pay bills. It’s possible to become a victim of a phishing scam while on a mobile device. It can be difficult to tell that you are on a phishing site because the usual techniques for checking for a phish are not as apparent on a mobile device. For example, in the image below, it would appear that we are on PayPal’s website to log in to our account. However, if we examine the URL closely, we see that we are on paypal-service-update-your-information. This is suspicious because although paypal is in the first part of the URL, we can't tell if it really is PayPal’s site.
If you were to examine the full link, you would see that we are not on the paypal.com website, but instead on one controlled by the cybercriminal. When you are unsure or want to double check what page you're on, it's best to look at the full URL. See tip number 2 below to learn how. Checking the full URL is important because cybercriminals could make copies of popular websites to trick you into thinking that you are on the legitimate webpage.
Another example of this is below. This one is trying to trick you into thinking that you are on Google’s login page. The cybercriminal is relying on your mobile browser to hide the full URL of the page that you're on. In the first picture below, it would appear that we are on mail.google.com. However, if you tap into the URL bar to examine the URL closely, you will notice that you are really on com-secretsite's website, which is shown in the second picture.
- Before clicking on links, tap and hold the URL to view where it’s going. This ensures that the link is really taking you where it says it is. If the link looks suspicious, it’s best to not click on the link. This technique works in web browsers and email apps.
- When on a web page, check the URL bar to ensure you are on the page you should be on. Cybercriminals craft links to impersonate legitimate sites and services. If you're unsure if you’re on the right page, tap in the address bar and swipe left to right to view the full URL. To verify the true website that you’re on, look for the last period before the first forward slash. The words to the left and right of that period are the web site you are on.
For example, in the image below, the full URL is artsci.manoa.hawaii.edu/. The word to the left of the last period is hawaii, and the word to its right, just before the first forward slash, is edu. We can therefore determine that the site is "hawaii.edu", which is the official web site used by the University of Hawai‘i.
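
The "last period before the first forward slash" rule from the second tip can also be written as code. The JavaScript below is an added example, not part of the original article: `siteFromUrl` and `checkLink` are hypothetical helper names, and the two `.example` URLs are constructed stand-ins for the phishing pages described above, whose full addresses the article does not give. The rule as stated assumes a one-word ending such as .com or .edu; endings like .co.uk need a public suffix list.

```javascript
// Added example: apply the article's rule to a URL as copied from the address bar.
// Assumption: the site's ending is a single label (.com, .edu). Multi-part endings
// such as .co.uk are not handled by the rule as the article states it.

// Return the two words on either side of the last period before the first slash.
function siteFromUrl(input) {
  // Mobile address bars often hide the scheme; add one so the URL parser accepts it.
  const withScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(input) ? input : "https://" + input;
  // hostname is everything before the first forward slash (port and path removed).
  const host = new URL(withScheme).hostname.toLowerCase().replace(/\.$/, "");
  const labels = host.split(".");
  // A bare name or a numeric IPv4 address has no "site" in the article's sense.
  if (labels.length < 2 || /^[\d.]+$/.test(host)) return host;
  return labels.slice(-2).join(".");
}

// Compare the site actually shown in the URL with the site the user expects.
function checkLink(input, expectedSite) {
  const site = siteFromUrl(input);
  return { site, matches: site === expectedSite.toLowerCase() };
}

// Sample inputs: the first is from the article, the other two are constructed.
const samples = [
  ["artsci.manoa.hawaii.edu/", "hawaii.edu"],
  ["https://paypal-service-update-your-information.example/login", "paypal.com"],
  ["https://mail.google.com-secretsite.example/ServiceLogin", "google.com"],
];

for (const [url, expected] of samples) {
  const result = checkLink(url, expected);
  const verdict = result.matches ? "matches" : "does NOT match";
  console.log(`${url} -> ${result.site} (${verdict} ${expected})`);
}
```

Only the first sample resolves to the expected site. The other two resolve to sites that merely contain the brand name somewhere to the left of the last period.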