Home > CAPEC List > CAPEC-164: Mobile Phishing (Version 3.2)  

CAPEC-164: Mobile Phishing

Attack Pattern ID: 164
Abstraction: Detailed
Status: Draft
Presentation Filter:
+ Description
An attacker targets mobile phone users with a phishing attack for the purpose of soliciting account passwords or sensitive information from the user. Mobile Phishing is a variation on the Phishing social engineering technique where the attack is initiated via mobile texting rather than email. The user is enticed to provide information or go to a compromised web site via a text message. Apart from the manner in which the attack is initiated, the attack proceeds as a standard Phishing attack.
+ Alternate Terms

Term: MobPhishing

+ Typical Severity


+ Relationships

The table below shows the other attack patterns and high level categories that are related to this attack pattern. These relationships are defined as ChildOf and ParentOf, and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as CanFollow, PeerOf, and CanAlsoBe are defined to show similar attack patterns that the user may want to explore.

ChildOfStandard Attack PatternStandard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.98Phishing

The table below shows the views that this attack pattern belongs to and top level categories within that view.

+ Prerequisites
Attacker needs mobile phone numbers to initiate the connection. The attacker must guess an area of interest for the mobile user to entice them to follow the link provided in the text message. The attacker must have a replicated web site as in a normal Phishing attack.
+ Resources Required
Either mobile phone or access to a web resource that allows text messages to be sent to mobile phones. Resources needed for regular Phishing attack.
+ Content History
Submission DateSubmitterOrganization
2014-06-23CAPEC Content TeamThe MITRE Corporation
Modification DateModifierOrganization
2017-01-09CAPEC Content TeamThe MITRE Corporation
Updated Alternate_Terms
Previous Entry Names
Change DatePrevious Entry Name
2017-01-09Mobile Phishing (aka MobPhishing)
More information is available — Please select a different filter.
Page Last Updated or Reviewed: September 30, 2019