Phishing is still the number one mobile threat
A new phishing site is launched every 20 seconds and is only active for an average of 4 hours
To most people, the word “phishing” conjures up thoughts of poorly worded emails offering ‘unclaimed lottery winnings’ or ‘hassle free’ payouts from ominous third parties. Fast-forward to 2019, and things are very different. Phishing is not only pervasive, but it is also the most damaging and high-profile cybersecurity threat facing organizations today – supported by research from Google, Black Hat and the U.S. Department of Homeland Security.
57% of all organizations have experienced a mobile phishing incident
The prevalence of phishing within our network of corporate mobile devices is very high when you consider that a lot of them are purpose-built, single-function devices, such as point-of-sale iPads that have a single payment application running with no access to web browsing or email. The likelihood of encountering a mobile phishing attack also climbs even higher as the employee count does. Once an organization exceeds 1,000 employees, the likelihood of a phishing incident reaches 85% and continues to increase exponentially as the employee count climbs.
The number of mobile phone users in the world was predicted to pass the 4.7 billion mark by 2019, so it comes as no surprise that mobile is now the focal point of attacks. Cybercriminals have developed a troubingly deep understanding of human nature, and they know exactly how to use it against us.
Phishing has moved beyond email
Having realized that email was a breeding ground for cyber threats, organizations responded by enlisting email-focused security solutions to protect data. However, this style of protection fails to provide comprehensive protection for the mobile workforce, as the proliferation of mobile technology has dramatically changed the phishing landscape. Wandera’s 2018 Mobile Phishing Report revealed that 83% of mobile phishing attacks occur outside of email. Less scrutinized channels like SMS, iMessage, Facebook Messenger, WhatsApp and other popular messaging apps, games and social media platforms are being employed at scale to distribute phishing links in places employees previously thought were safe from cyber threats.
83% of successful mobile phishing attacks take place outside of email
Mobile is a fertile arena for phishing attacks for a number of reasons. First, people work quickly and act instinctively on their mobile devices. The smaller screen size makes it more difficult to inspect suspicious-looking URLs, and the on-the-go nature of mobile devices means more distracted users. Also, BYOD users tend to be more trusting of their personal mobile devices, and cybercriminals use this sense of security to their advantage in exploiting human error.
Phishing attacks are using high profile sites and brands
To increase the success rate of an attack, hackers need to be selective in deciding which companies to impersonate. It’s simple – reputable brands with large user communities are less likely to arouse suspicion, since victims may already receive regular communication from these brands. Plus, the more users, the more potential targets.