Mobile phishing attacksOrhan Sari
A report from mobile security company Wandera, reveals a rising threat, phishing on mobile devices. According to report, 81 % mobile phishing attacks were initiated outside of email, 63% happen on iOS devices, and 12 % of all mobile security incidents involve phishing URLs. 1
Known phishing URLs are distributed in all kinds of ways, but in this report, the gaming apps are appeared to be the most popular choice for cybercriminals, followed by email apps, sports and new/weather services.
According to another report published by Lookout, a mobile security firm, the rate at which users are receiving and clicking on phishing URLs on their mobile devices has increased at an average rate of 85% per year since 2011. 56% of users received and clicked on a phishing URL that bypasses existing layers of defense according to report. Lookout revealed that cybercriminals are successfully circumventing existing phishing protections to target the mobile devices. Thus, they manage to expose sensitive data and personal information at an alarming rate, the company claims.
According to Lookout:5
Phishing is both different and more problematic on the mobile device.
Mobile devices are connected outside traditional firewalls, typically lack endpoint security solutions, and access a plethora of new messaging platforms not used on desktops. Additionally, the mobile user interface does not have the depth of detail needed to identify phishing attacks, such as hovering over hyperlinks to show the destination. As a result, mobile users are three times more likely to fall for phishing scams, according to IBM.
Most corporations are protected from email-based phishing attacks through traditional firewalls, secure email gateways, and endpoint protection. Besides, people today are getting better at identifying phishing attacks. Mobile, however, has made identifying and blocking phishing attacks considerably more difficult for both individuals and existing security technologies.
In fact, in spite of being protected by traditional phishing protection and education, 56% of Lookout users received and tapped a phishing URL on their mobile device between 2011–2016. Fortunately, in these cases, the attack was thwarted by Lookout. Unfortunately, though, the rate at which Lookout users are receiving and tapping on phishing URLs on their mobile devices has grown by an average of 85% YoY since 2011.
The problem with phishing on mobile is a much more nuanced beast than enterprises realize. Before enterprises can achieve comprehensive protection against phishing attacks across all vectors, including the mobile device, security and IT professionals need to understand how current phishing myths muddy the waters and get the facts that will help them make informed decisions on how to protect corporate data
Solutions to prevent mobile phishing
- Don’t engage with unknown or suspicious email or social media messages
- Check the domain names of links whether they have a secure connection
- Do not submit your sensitive information while using open Wi-Fi networks
- Beware of shortened URLs
- Educate your employees to prevent phishing attempts
- Use phishing simulator to face real threat scenarios and prepare for phishing attacks