| Executives June 2, 2020
June 2, 2020
By Hank Schless
There are very few examples of cybercriminal tactics that are more adaptable or have a greater impact than phishing attacks. While it originated as email-based scamming, phishing has since evolved alongside the massive adoption of smartphones and tablets to become one of the biggest security threats faced by organizations today. The dangers of mobile phishing was put on display recently as the world’s workforces went to their homes as a result of the coronavirus pandemic.
In the newly released Mobile Phishing Spotlight Report, Lookout revealed that enterprise mobile phishing encounter rates surged 37% between the last quarter of 2019 and the first quarter of 2020.
Enterprise phishing encounter rates by quarter in 1Q2019–1Q2020. Source: Lookout
The significant increase is not entirely surprising given the current circumstances. Workers are no longer within the protective perimeter of their office-based security controls. At the same time, many are turning to their personal mobile devices to stay productive. This is especially true for employees who do not have a laptop computer at the office or who don’t have a large monitor at home and want to multitask. In short, remote work has created a prime opportunity for cybercriminals to expand their phishing attacks.
The transformation away from the physical office to a mobile-first work environment has been ongoing for a while now. But the recent crisis has accelerated this shift and made it permanent for many organizations. Large corporations such as Twitter, Facebook and Shopify have all committed to keeping their workforce remote after shelter-in-place measures are lifted. With this new reality, organizations need to ensure they are prepared.
One way to protect your organization is educate your employees on how mobile phishing is different and why mobile phishing attacks are successful. One of the fundamental differences between mobile devices and personal computers is that they are inherently more trusted by their users. Mobile devices sit at the intersection of their owners’ personal and professional identity, especially while working remotely. The other aspect that makes mobile phishing dangerous is that there are many more ways to deliver a malicious link outside of email – such as SMS, social media, messaging platforms, and even dating apps. Also, with a smaller screen and simplified user interface, it’s very difficult to spot a malicious link on a mobile device.
While education goes a long way, it’s not enough. Organizations also need to make sure they move away from legacy security protocols that are built on the idea that everyone is working in an office. One thing the Mobile Phishing Spotlight Report makes clear is that cybercriminals are well aware of the new normal; making it imperative that organizations adopt a comprehensive mobile security solution that is built for a cloud-enabled mobile-first world.
To learn more about the evolution of mobile phishing, the impact across industries and how organizations can better defend against these evolving threats, please explore the Lookout State of Mobile Phishing Report.
Hank Schless Senior Manager, Security Solutions