Mobile phishing click rates have increased 85 percent annually since 2011, according to research released today.
In a survey of its users and over 67 million mobile devices, mobile security firm Lookout’s report, Mobile phishing 2018: Myths and facts facing every modern enterprise today, finds that mobile users who clicked on a mobile phishing link did so an average of six times a year.
It pointed to one enterprise in which 25 percent of workers clicked on a link in an SMS message sent from a number made to look like it was from their local area.
The report notes that phishing via mobile devices is advantageous for hackers due to tactics like email headers and URLs making it simple to imitate email addresses and websites.
“Mobile devices have eroded the corporate perimeter, limiting the effectiveness of traditional network security solutions like firewalls and secure web gateways,” Aaron Cockerill, chief strategy officer at Lookout, said in a statement.
“Operating outside the perimeter and freely accessing not just enterprise apps and SaaS, but also personal services like social media and email, mobile devices are rich targets for attack since they may lack enterprise security but enable enterprise access and authentication.”
The report adds that while phishing is increasingly considered to be the origin of most cyber attacks, it’s key enterprises recognize phishing does not only happen through email. It notes that new vectors like SMS and messaging applications allow attackers to personalize their hacking campaigns.
“Attackers now take advantage of SMS, as well as some of today’s most popular and highly used social media apps and messaging platforms, such as WhatsApp, Facebook Messenger and Instagram, as a means of phishing. Security professionals who overlook these new routes of attack put their organizations at risk,” Cockerill said.
<!–