Mobile devices have opened a profitable new window of opportunity for criminals executing phishing attacks. Attackers are successfully circumventing existing phishing protection to target the mobile device. These attacks are highlighting security shortcomings and exposing sensitive data and personal information at an alarming rate.
Most corporations protect themselves from email-based phishing attacks through traditional firewalls, secure email gateways, and endpoint protection. In addition, people today are getting better at identifying phishing attacks. Mobile, however, has made identifying and blocking phishing attacks considerably more difficult for both individuals and existing security technologies.
Phishing is both different and more problematic on the mobile device.
Mobile devices are connected outside traditional firewalls, typically lack endpoint security solutions, and access a plethora of new messaging platforms not used on desktops. Additionally, the mobile user interface does not offer the depth of detail needed to identify phishing attacks; for example, a user cannot hover over a hyperlink to see its destination. As a result, mobile users are three times more likely to fall for mobile phishing scams, according to IBM.
Finally, the huge amount of personal and corporate data on mobile devices is making these devices the preferred target for phishing attacks.
In fact, in spite of being protected by traditional phishing protection and education, 56% of Lookout users received and tapped a phishing URL on their mobile device between 2011 and 2016. Fortunately, in these cases the attack was thwarted by Lookout. Unfortunately, though, the rate at which Lookout users are receiving and tapping on phishing URLs on their mobile devices has grown by an average of 85% year over year since 2011.
The problem with phishing on mobile is a much more nuanced beast than enterprises realize. Before enterprises can achieve comprehensive protection against phishing attacks across all vectors, including the mobile device, security and IT professionals need to understand how current phishing myths muddy the waters and get the facts that will help them make informed decisions on how to protect corporate data.