CAPEC-164: Mobile Phishing (Version 2.9)

 
Attack Pattern ID: 164
Abstraction: Detailed
Status: Draft
Completeness: Stub
+ Summary

An attacker targets mobile phone users with a phishing attack for the purpose of soliciting account passwords or sensitive information from the user. Mobile Phishing is a variation on the Phishing social engineering technique where the attack is initiated via mobile texting rather than email. The user is enticed to provide information or go to a compromised web site via a text message. Apart from the manner in which the attack is initiated, the attack proceeds as a standard Phishing attack.

+ Alternate Terms

Term: MobPhishing

+ Attack Prerequisites
  • Attacker needs mobile phone numbers to initiate the connection. The attacker must guess an area of interest for the mobile user to entice them to follow the link provided in the text message. The attacker must have a replicated web site as in a normal Phishing attack.

+ Typical Severity

High

+ Resources Required

Either a mobile phone or access to a web resource that allows text messages to be sent to mobile phones. Resources needed for a regular Phishing attack.

+ Content History
Submissions
Submitter | Organization | Date | Source
CAPEC Content Team | The MITRE Corporation | 2014-06-23 | Internal_CAPEC_Team

Modifications
Modifier | Organization | Date | Comments | Source
CAPEC Content Team | The MITRE Corporation | 2017-01-09 | Updated Alternate_Terms | Internal

Previous Entry Names
Date | Previous Entry Name
2017-01-09 | Mobile Phishing (aka MobPhishing)

Page Last Updated or Reviewed: January 09, 2017