Abstract: As one of the important branches of dark mobile bank, phishing attacks have shown a trend of rapid burst in recent years. With the popularity of electronic commerce and mobile payment, phishing has also undergone new changes. In addition to the traditional phishing updated, it also evolved into a new way of phishing which targets mobile terminal users. Phishing attacks that make use of malicious code, malicious WiFi and pseudo base stations to send text messages are becoming more and more. Meanwhile, iPhone fishing industry is gradually emerged, the number of mobile phishing continues to rise. We believe that frequent phishing attacks and other highrisk events are closely related with black industry chain which has a huge amount of disclosure of privacy data, privacy disclosure contributes a lot to phishing attacks. AVL Mobile Security and YUNDI made a deep analysis of phishing attacks under the current Internet environment, revealing the relevant underground industry chain. The report aims at providing recommendations for national regulators and operators to set up network security administration regulations, laws and measures, and reminding enterprises and public users to enhance security awareness and comprehensively improve the level of security technology.

Key words: phishing, mobile phishing, personal privacy leaking, fake bank websites, telecom fraud, pseudo base station, SMSintercepting trojans

摘要： 钓鱼攻击作为移动金融黑产中的一大分支，近年来呈现高速爆发趋势.随着电商购物、移动支付的盛行，网络钓鱼攻击发生了新的变化，除了传统网络钓鱼的更新迭代，还演变出针对移动终端用户的新型钓鱼方式.伪基站短信钓鱼、利用恶意代码钓鱼、恶意WiFi钓鱼攻击愈演愈烈，iPhone钓鱼产业显现，移动钓鱼数量持续攀升.钓鱼攻击等威胁事件频发与黑产产业链拥有海量隐私泄露数据是息息相关的，隐私泄露成为钓鱼攻击重要帮凶.安天移动安全联合中国电信云堤深度分析当前互联网环境下的钓鱼攻击威胁，揭密相关地下产业链，为国家监管机构、运营商建立安全管理法律法规和措施提供依据和建议，同时提醒企业和公众用户增强安全意识，全面提高安全防范技术水平.

关键词: 网络钓鱼攻击, 移动钓鱼, 个人隐私泄露, 仿冒银行网站, 电信诈骗, 伪基站, 拦截马