The risk of phishing on mobile devices is growing, with more than half of mobile users clicking on compromised links in the last year.
A report from Lookout indicates that the mobile phishing URL click rate has increased 85% year-over-year since 2011.
“Mobile devices have eroded the corporate perimeter, limiting the effectiveness of traditional network security solutions like firewalls and secure web gateways,” says Aaron Cockerill, chief strategy officer at Lookout.
“Operating outside the perimeter and freely accessing not just enterprise apps and SaaS, but also personal services like social media and email, mobile devices are rich targets for attack since they may lack enterprise security, but enable enterprise access and authentication.”
Phishing attacks are particularly effective on mobile devices because hidden email headers and URLs make it easy to spoof email addresses and websites while new vectors, including SMS and messaging apps, enable attackers to make their campaigns personal.
“It’s critical for enterprises to realize that when it comes to mobile devices, email is not the only phishing attack vector,” says Cockerill. “Attackers now take advantage of SMS, as well as some of today’s most popular and highly used social media apps and messaging platforms, such as WhatsApp, Facebook Messenger, and Instagram, as a means of phishing.
“Security professionals who overlook these new routes of attack put their organisations at risk.”
“Mobile Phishing 2018: myths and facts facing every modern enterprise” is the first mobile security report to provide these mobile phishing URL click rates, joining a growing body of research that establishes that most cyber attacks begin with phishing and people are more susceptible to phishing on mobile.
The report analyses data from more than 67-million mobile devices protected by Lookout since 2011. All data is anonymous, and no corporate data, networks, or systems were accessed to perform this analysis.
Highlights of the Lookout report include:
* Mobile phishing yields responses from most users – Fifty-six percent of Lookout users received and clicked on their mobile device a phishing URL that bypassed existing layers of phishing defense. Of those mobile users that clicked on a mobile phishing URL, they did so an average of six times per year.
* Mobile phishing is increasing – The rate at which Lookout users are receiving and clicking on phishing URLs on their mobile devices has grown year-over-year by a staggering 85% on average since 2011.
* Attack vectors made possible by mobility are highly effective – In one enterprise experiment, over 25% of employees clicked on a link in an SMS message from a phone number spoofed to look like one in their area.
In order to combat the growing threat of mobile phishing, Lookout has introduced phishing and content protection to Lookout Mobile Endpoint Security that lets companies detect, protect, remediate and analyse attacks.