Detailed attack pattern

Stable

CAPEC-164: Mobile Phishing

Also known as: Smishing, MobPhishing

An adversary targets mobile phone users with a phishing attack for the purpose of soliciting account passwords or sensitive information from the user. Mobile Phishing is a variation of the Phishing social engineering technique where the attack is initiated via a text or SMS message, rather than email. The user is enticed to provide information or visit a compromised web site via this message. Apart from the manner in which the attack is initiated, the attack proceeds as a standard Phishing attack.

High

Typical severity

Per MITRE

High

Likelihood of attack

Per MITRE

Related weaknesses

CWEs this targets

Detailed

Abstraction

MITRE classification

CAPEC-164: Mobile Phishing

Overview

How the attack works

What the attacker needs

Prerequisites

Skills required

Resources required

Consequences

How to mitigate it

How to detect it

Examples

Terminology & mappings

Alternate terms

Frequently asked questions

What is CAPEC-164?

How does a Mobile Phishing attack work?

How do you prevent CAPEC-164?

What weaknesses does CAPEC-164 target?

How severe is CAPEC-164?

References

Defend against CAPEC-164