Mobile Phishing Awareness

What’s covered

• SMS & Messaging Phishing (Smishing): Identifying fraudulent texts claiming to be from delivery services, banks, or IT departments.

• The “Mobile Blind Spot”: Why shortened URLs and condensed UI make it harder to spot fake login screens on a small display.

• Application-Based Risks: Understanding how malicious apps or “shadow” social media accounts solicit sensitive credentials.

• Prompt Fatigue: Recognising the danger of “MFA fatigue” and unexpected authentication prompts.

• Safe Reporting Protocols: The specific steps to take when a mobile device is suspected of being compromised.

Learning outcomes

By the time you complete Mobile Phishing Awareness, you should be able to:

Identify

• Identify the red flags unique to mobile communication, such as suspicious area codes and urgent, unsolicited call-to-actions.

• Validate links and sender identities on mobile operating systems before clicking or entering data.

• Apply secure habits while working remotely, including the use of verified apps over third-party downloads.

• Differentiate between legitimate system notifications and spoofed pop-ups designed to steal credentials.

• Mitigate risks to company data by following the correct incident response chain for mobile-based threats.

React to

• The Urgent Text: If you receive a “Your account is locked” SMS, do not click the link; instead, navigate to the official app or website manually.

• The Unexpected MFA Prompt: If your phone pings with an authentication code you didn’t request, deny the request immediately and report it to IT.

• The “App-Slapping” Pop-up: When a website asks to install a profile or a new app to “view content,” close the browser tab immediately.