Mobile Phishing Attacks Skyrocket Amidst Pandemic
Increase of 37 percent from Q4 2019 to Q1 2020 attributed to creation of remote workforce due to COVID-19 stay-at-home orders.
The rate of mobile phishing rose sharply between the last quarter of 2019 and the first quarter of 2020, a boost most likely due to the increased number of people working from home due to COVID-19 stay-at-home orders, new research has found.
In fact, encounter rates for enterprise mobile phishing increased 37 percent between the last quarter of 2019 and the first quarter of 2020, from around 16 percent to 22 percent.
The Mobile Phishing Spotlight Report from Lookout highlights how threat actors have shifted their tactics to take advantage of the evolving move from the physical to mobile or home office in the wake of the COVID-19 pandemic, which forced many companies to order their employees to work from home and use mobile devices as part of their every-day productivity.
“Workers are no longer within the protective perimeter of their office-based security controls,” wrote Hank Schless, senior manager of security solutions at Lookout in a blog post about the research. “In short, remote work has created a prime opportunity for cybercriminals to expand their phishing attacks.”
As this trend will likely continue for the foreseeable future — with large corporations such as Google, Twitter, Facebook and Amazon keeping their workforce remote until all shelter-in-place regulations are lifted — organizations may have to shift their security tactics and education of employees to keep up with the evolving threat, he said.
“With this new reality, organizations need to ensure they are prepared,” Schless wrote.
Indeed, phishing in general has been an attack of choice for threat actors during the pandemic, with attackers widely using socially-engineered email lures to get victims to download infostealers and other types of malware. At one point cyberattackers were sending 1.5 million malicious emails per day related to the COVID-19 pandemic, researchers found.
Mobile phishing attacks, however, are different from typical phishing campaigns that target workstations and laptops in several ways. For one thing, they don’t always come in the form of emails, Schless noted. The mobile platform gives attackers a wider playing field with which to work and deliver malicious links for installing malware: They can use SMS, social media, messaging platforms and even dating apps to deliver malicious payloads via phishing attacks on mobile devices, he said.
Another difference is that people tend to use (as well as trust) their mobile devices more, as they “sit at the intersection of their owners’ personal and professional identity,” Schless wrote. This might make them less attentive to the possibility of receiving attacks on this interface.
Users also might not notice a malicious link on a mobile device due to the use of “a smaller screen and simplified user interface,” he added.
In addition to educating employees on the higher potential for mobile-phishing attacks now that they are working remotely, organizations should consider other strategies to protect workers from mobile-phishing attacks.
At the top of this list would be to implement security infrastructure and protocols that consider the mobile workplace as a similar entity to an enterprise scenario in which employees are located in one physical location, Schless suggested. Indeed, bolstering cloud-based security measures to protect a dispersed workforce as completely as an on-premise enterprise security solution would is an important aspect of combatting new mobile phishing threats, he said.
We’re Beeso IT, how can we help?
Our expert team of engineers, consultants, solution architects and project managers work right alongside our client’s internal IT teams – bringing their years of technical experience & competencies to your business on a need by need basis.
Wherever you require support, for whatever technology requirement. The Beeso IT team are on-hand locally as your global technology partner. If you are unsure of how secure your endpoints are, please contact the team today.
News source: https://threatpost.com/
Share This!
MICROSOFT OFFICE 365
YOUR COMPLETE OFFICE IN THE CLOUD
Bringing together everyone's favourite productivity tools with the benefits of cloud-based communication and collaboration, Microsoft have developed a platform that is both technically & commercially-sound for businesses of any shape.