Story image

Phishing: It's all too easy on mobile devices

22 Nov 2018
Sponsored

Imagine a world without mobile devices. We only need to cast our minds back a couple of decades to conjure up an image; but in 2018 that world is almost unthinkable.

Despite the saturation of mobile devices everywhere from the workplace to the home, they're still vulnerable to a lack of security. Cybercriminals are quick to exploit this lack of care.

Websites and apps have been optimised for mobile, but mobile devices are easily compromised because they present new ways of delivering attacks.

Take phishing for example. Phishing on mobile is extremely difficult to spot with the naked eye. It only takes a single tap to compromise a mobile device. It could be a malicious URL, or maybe an innocent-seeming app connected to a malicious ad network. 

Or it could be an email that looks like it came from Greg in HR but was designed to trick your employees into giving up their credentials. A single errant tap moves an attacker closer to your data.

What’s more, it’s difficult to preview a link on a mobile device to see if it’s legitimate. On a desktop or laptop you’d generally hover your mouse over a link, but mobile users don’t have that luxury.

Lookout Personal analysed 67 million mobile devices between 2011 and 2016. If found that 56% of users received and tapped a phishing URL that bypassed their phone’s existing phishing defense capabilities. Of that 56%, people tapped on an average of six phishing URLs per year.

The number of phishing attempts is also on the rise – according to Lookout, phishing URLs have increased by an average of 85% year-over-year since 2011.

“We have seen up to 87% of the traffic to phishing sites coming from mobile devices,” Lookout says.

That’s bad news for users and devices, but great news for cybercriminals who are trying to offload their malware, steal personal information, or demand ransoms.

It’s a major problem, but employers and users are still failing to take adequate steps against phishing attacks.

Mobile devices are connected outside traditional firewalls, typically lack endpoint security solutions, and access a plethora of new messaging platforms not used on desktops. Additionally, the mobile user interface does not have the depth of detail users need to identify phishing attacks, such as hovering over hyperlinks to show the destination. 

Endpoint security firms such as Lookout are making it their mission to protect users, their organisations, and their data from phishing attacks.

To protect data from compromise, it’s now necessary to prevent employees from tapping malicious URLs that hide inside apps, in addition to SMS, messaging platforms, corporate and personal email.

Lookout offers comprehensive protection against mobile phishing on Android and iOS devices to keep enterprise data secure in a nuanced, mobile world.

One way it does this is by detecting phishing attempts from any source including email, social media and apps. It also allows IT administrators to set policies that protect against phishing attempts.

Lookout blocks attempted connections to URLs at the network level, instead of inspecting message content. This ensures employee privacy remains safe – this is important because users’ communication across social and messaging platforms needs to be safeguarded.

Learn how to protect your organisations’s data from malicious phishing attacks here.

To contact Lookout for a free demo or to find out how Lookout can help you protect your organisation’s data, click here.

Mozilla launches Firefox Send, an encrypted file transfer service
Mozille Firefox has launched a free encrypted file transfer service that allows people to securely share files from any web browser – not just Firefox.
Ransomware’s decline equals cryptomining’s rise
ESET’s Security Days Conference recently took place to go over the current threat environment and what to look out for next.
IoT and DDoS attacks: A match made in heaven
A10 Network’s Adrian Taylor uses findings from a number of reports to illustrate his point that advances in technology are facilitating cybercrime.
ForgeRock launches Sandbox-as-a-Service to facilitate compliance
The cloud-based testing environment for APIs enables banks to accelerate compliance with Open Banking and PSD2 deadlines.
Cloud application attacks in Q1 up by 65% - Proofpoint
Proofpoint found that the education sector was the most targeted of both brute-force and sophisticated phishing attempts.
Singapore firm to launch borderless open data sharing platform
Singapore-based Ocean Protocol, a decentralised data exchange that promotes data sharing, has revealed details of what could be the kickstart to a global and borderless data economy.
Huawei picks up accolades for software-defined camera ecosystem
"The company's software defined capabilities enable it to future-proof its camera ecosystem and greatly lower the total cost of ownership (TCO), as its single camera system is applicable to a variety of application use cases."
Barracuda expands MSP security offerings with RMM acquisition
Managed Workplace delivers an RMM platform with security tools and services, such as site security assessments, Office 365 account management, and integrated third-party antivirus.