Story image

Phishing: It's all too easy on mobile devices

22 Nov 18
Sponsored

Imagine a world without mobile devices. We only need to cast our minds back a couple of decades to conjure up an image; but in 2018 that world is almost unthinkable.

Despite the saturation of mobile devices everywhere from the workplace to the home, they're still vulnerable to a lack of security. Cybercriminals are quick to exploit this lack of care.

Websites and apps have been optimised for mobile, but mobile devices are easily compromised because they present new ways of delivering attacks.

Take phishing for example. Phishing on mobile is extremely difficult to spot with the naked eye. It only takes a single tap to compromise a mobile device. It could be a malicious URL, or maybe an innocent-seeming app connected to a malicious ad network. 

Or it could be an email that looks like it came from Greg in HR but was designed to trick your employees into giving up their credentials. A single errant tap moves an attacker closer to your data.

What’s more, it’s difficult to preview a link on a mobile device to see if it’s legitimate. On a desktop or laptop you’d generally hover your mouse over a link, but mobile users don’t have that luxury.

Lookout Personal analysed 67 million mobile devices between 2011 and 2016. If found that 56% of users received and tapped a phishing URL that bypassed their phone’s existing phishing defense capabilities. Of that 56%, people tapped on an average of six phishing URLs per year.

The number of phishing attempts is also on the rise – according to Lookout, phishing URLs have increased by an average of 85% year-over-year since 2011.

“We have seen up to 87% of the traffic to phishing sites coming from mobile devices,” Lookout says.

That’s bad news for users and devices, but great news for cybercriminals who are trying to offload their malware, steal personal information, or demand ransoms.

It’s a major problem, but employers and users are still failing to take adequate steps against phishing attacks.

Mobile devices are connected outside traditional firewalls, typically lack endpoint security solutions, and access a plethora of new messaging platforms not used on desktops. Additionally, the mobile user interface does not have the depth of detail users need to identify phishing attacks, such as hovering over hyperlinks to show the destination. 

Endpoint security firms such as Lookout are making it their mission to protect users, their organisations, and their data from phishing attacks.

To protect data from compromise, it’s now necessary to prevent employees from tapping malicious URLs that hide inside apps, in addition to SMS, messaging platforms, corporate and personal email.

Lookout offers comprehensive protection against mobile phishing on Android and iOS devices to keep enterprise data secure in a nuanced, mobile world.

One way it does this is by detecting phishing attempts from any source including email, social media and apps. It also allows IT administrators to set policies that protect against phishing attempts.

Lookout blocks attempted connections to URLs at the network level, instead of inspecting message content. This ensures employee privacy remains safe – this is important because users’ communication across social and messaging platforms needs to be safeguarded.

Learn how to protect your organisations’s data from malicious phishing attacks here.

To contact Lookout for a free demo or to find out how Lookout can help you protect your organisation’s data, click here.

MulteFire announces industrial IoT network specification
The specification aims to deliver robust wireless network capabilities for Industrial IoT and enterprises.
Google Cloud, Palo Alto Networks extend partnership
Google Cloud and Palo Alto Networks have extended their partnership to include more security features and customer support for all major public clouds.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
Schneider Electric's bets for the 2019 data centre industry
From IT and telco merging to the renaissance of liquid cooling, here are the company's top predictions for the year ahead.
$43m tax-break for Google to house data centre in Ohio
There could soon be another hyperscaler on the horizon as the Ohio Tax Credit Authority has laid the bait for Google.
China to usurp Europe in becoming AI research world leader
A new study has found China is outpacing Europe and the US in terms of AI research output and growth.
Google says ‘circular economy’ needed for data centres
Google's Sustainability Officer believes major changes are critical in data centres to emulate the cyclical life of nature.
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.