sb-as logo
Story image

Phishing: It's all too easy on mobile devices

22 Nov 2018

Imagine a world without mobile devices. We only need to cast our minds back a couple of decades to conjure up an image; but in 2018 that world is almost unthinkable.

Despite the saturation of mobile devices everywhere from the workplace to the home, they're still vulnerable to a lack of security. Cybercriminals are quick to exploit this lack of care.

Websites and apps have been optimised for mobile, but mobile devices are easily compromised because they present new ways of delivering attacks.

Take phishing for example. Phishing on mobile is extremely difficult to spot with the naked eye. It only takes a single tap to compromise a mobile device. It could be a malicious URL, or maybe an innocent-seeming app connected to a malicious ad network. 

Or it could be an email that looks like it came from Greg in HR but was designed to trick your employees into giving up their credentials. A single errant tap moves an attacker closer to your data.

What’s more, it’s difficult to preview a link on a mobile device to see if it’s legitimate. On a desktop or laptop you’d generally hover your mouse over a link, but mobile users don’t have that luxury.

Lookout Personal analysed 67 million mobile devices between 2011 and 2016. If found that 56% of users received and tapped a phishing URL that bypassed their phone’s existing phishing defense capabilities. Of that 56%, people tapped on an average of six phishing URLs per year.

The number of phishing attempts is also on the rise – according to Lookout, phishing URLs have increased by an average of 85% year-over-year since 2011.

“We have seen up to 87% of the traffic to phishing sites coming from mobile devices,” Lookout says.

That’s bad news for users and devices, but great news for cybercriminals who are trying to offload their malware, steal personal information, or demand ransoms.

It’s a major problem, but employers and users are still failing to take adequate steps against phishing attacks.

Mobile devices are connected outside traditional firewalls, typically lack endpoint security solutions, and access a plethora of new messaging platforms not used on desktops. Additionally, the mobile user interface does not have the depth of detail users need to identify phishing attacks, such as hovering over hyperlinks to show the destination. 

Endpoint security firms such as Lookout are making it their mission to protect users, their organisations, and their data from phishing attacks.

To protect data from compromise, it’s now necessary to prevent employees from tapping malicious URLs that hide inside apps, in addition to SMS, messaging platforms, corporate and personal email.

Lookout offers comprehensive protection against mobile phishing on Android and iOS devices to keep enterprise data secure in a nuanced, mobile world.

One way it does this is by detecting phishing attempts from any source including email, social media and apps. It also allows IT administrators to set policies that protect against phishing attempts.

Lookout blocks attempted connections to URLs at the network level, instead of inspecting message content. This ensures employee privacy remains safe – this is important because users’ communication across social and messaging platforms needs to be safeguarded.

Learn how to protect your organisations’s data from malicious phishing attacks here.

To contact Lookout for a free demo or to find out how Lookout can help you protect your organisation’s data, click here.

Story image
Guardicore Labs exposes brute force MS-SQL attack campaign
The cyber attack campaign uses password brute force to breach victim machines, deploys multiple backdoors and executes numerous malicious modules, such as multifunctional remote access tools (RATs) and cryptominers. More
Story image
Interview: RSA explains security in the epoch of IT disruption
We discussed cybersecurity in terms of how it fits into business continuity, as well as the threat landscape, and what RSA is currently doing to assist businesses that need protection.More
Story image
Opportunity knocks for robotics in world of COVID-19
ABI Research highlights that while manufacturing opportunities are down, the worlds of disinfecting, surveillance and delivery are opening.More
Story image
Mentorship key to bringing women into cybersecurity - Microsoft
“Diverse teams make better and faster decisions 87% of the time compared with all male teams, yet the actual number of women in our field fluctuates between 10 and 20%. What ideas have we missed by not including more women?”More
Story image
80% of cyber threat landscape uses COVID-19 as leverage - report
A report released recently by Proofpoint reveals the extent to which cyber attackers are capitalising on fear and paranoia surrounding the pandemic, with instances of coronavirus-themed attacks increasing every day.More
Story image
Marriott International reports breach affecting 5.2 million customers
Marriott said in statement that an ‘unexpected’ amount of guest information may have been accessed in mid-January this year, using the login credentials of two employees at one of the company’s franchise properties.More