May 9, 2019
Although much has already been published about the prevalence of https websites in phishing attacks, it’s important to keep this threat top of mind. After all, phishing attacks are increasingly targeting mobile users.
First developed in 1994, the SSL certificate has long been regarded as the gold standard for digitally certifying the identity of a website and encrypting website traffic. Websites secured by SSL certs are designated by the prefix 'https' and typically accompanied by a padlock icon in the browser status bar. This encryption helps protect against man-in-the-middle attacks, spoofed websites, and eavesdroppers so that your information remains secure.
Unfortunately, without a central authority governing the creation of https sites, hackers are registering and spinning up https-enabled phishing sites at a rapid pace. Once clicked, the link directs the user to the phishing site, which appears completely legitimate. The user sees the padlock in the status bar, the https prefix, and relevant content and, as a result, feels confident enough to proceed as usual, entering credentials, personal information, or even credit card information.
Phishing attacks are even harder to detect on mobile devices, as the features, functionality, and even the screen size of today’s mobile devices offer attackers an advantage in phishing.
But why are mobile devices a prime target for these attacks? Below are a few basic reasons:
To detect fraudulent https sites, Lookout Phishing AI processes 15 million TLS certificate events and 150,000 new domain registrations daily. With this level of AI analysis, Lookout consistently discovers nearly 15,000 high-confidence phishing domains each month and expects these numbers to increase.
While Lookout Phishing AI detects and monitors phishing campaigns, Lookout Phishing and Content Protection verifies the safety and validity of a website prior to granting access. This means, if you accidentally click a link to a malicious https site, Lookout will protect enterprises and their data by blocking access to the site and notifying them of this threat.
HTTPS phishing attacks may be common and hard to spot, but with Lookout deployed, enterprises have comprehensive mobile phishing protection, ensuring that their corporate data is secure in today’s post-perimeter, cloud-first, mobile-first world.
Learn more about how to secure your corporate data from mobile phishing attacks.
Jeremy Richards Principal Security Researcher