New research from Lookout (opens in new tab) has revealed the danger that mobile phishing attacks pose to enterprise organizations where many employees are given company smartphones for work.
The firm's 2020 Mobile Phishing Spotlight Report (opens in new tab) shows that unmitigated mobile phishing threats could end up costing organizations with 10,000 mobile devices as much as $35m per incident and up to $150m for organizations with 50,000 mobile devices.
The report also revealed that there was a 37 percent increase worldwide in enterprise mobile phishing encounter rates between Q4 2019 and Q1 2020. North America saw the highest increase at 66.3 percent followed by the Asia Pacific region at 27.7 percent and a 25.5 percent increase in EMEA.
- Apple is most imitated brand for phishing
- Microsoft will bring its antivirus software to iOS and Android
- Beware - that Google email may be a phishing scam
The number of people working at home is at a record high and employees have turned to their smartphones and tablets in order to stay productive. While organizations have deployed user training and email phishing security to combat cybercriminals' phishing attacks, little thought as been given to the threat of mobile phishing.
With mobile devices, phishing risks no longer simply hide in emails but can be found in SMS, messaging apps and social media platforms. Additionally, as mobile devices have a smaller form factor and a simplified user experience, they make it harder to spot the signs of a phishing link which increases the likelihood of a successful attack.
In a press release (opens in new tab), program vice president of enterprise mobility at IDC, Phil Hochmuth explained why phishing has become a greater threat in a mobile-first world, saying:
Phishing has evolved into a massive problem that expands far beyond the traditional email bait and hook. On a small screen and with a limited ability to vet links and attachments before clicking on them, consumers and business users are exposed to more phishing risks than ever before. In a mobile-first world, with remote work becoming the norm, proactive defense against these attacks is critical.”