According to Lookout, 2022 will see record high mobile phishing rates, with half of mobile phone owners worldwide exposed to phishing attacks each quarter.
These findings are the endpoint security provider’s Global State of Mobile Phishing Reportswas published on March 1, 2023.
While unprecedented, the percentage confirms a trend dating back three years, with the report showing an increase in mobile phishing encounters quarterly since Q2 2020. . These numbers are for personal cell phones only.
Lookout also explored the evolution of mobile phishing on work devices. From 2021 onwards, mobile phishing encounter rates have increased by nearly 10% on corporate phones.
Highly regulated industries such as insurance, banking, legal, healthcare, and financial services were most targeted.
“Mobile phishing is one of the most effective tactics for stealing login credentials. [it] It poses significant security, compliance, and financial risks to organizations across all industries,” notes the report.
“The rise of remote work may be contributing to this. Organizations are implementing bring-your-own-device (BYOD) policies to accommodate employees accessing corporate networks outside the traditional security perimeter. are alleviating.”
more subtle and sophisticated attacks
Lookout also found that mobile phishing attacks are growing in stealth and sophistication.
“The percentage of mobile users who click 6 or more malicious links per year in enterprise environments jumped from 1.6% in 2020 to 11.8% in 2022. ,” the report said.
As the cybercrime-as-a-service (CaaS) market grows and malware developers can offer their services as pre-built kits, attackers are turning to cheap and easy-to-use phishing You now have access to the kit.What the developers put up for sale on the dark web, i.e.
“For example, the kit below, titled ‘Fishing Collection’, was on sale for $298. The developer claims it can be used to target several major platforms used by enterprise organizations everywhere, including iCloud, Dropbox, Amazon, Office 365 and Adobe.
Non-email phishing attacks are also surging, with vishing (voice phishing), smishing (SMS phishing), and kissing (QR code phishing) increasing sevenfold in Q2 2022.
For businesses that fall victim to mobile phishing attacks, the damage can be devastating. Lookout calculates that the potential annual economic impact of mobile phishing for a 5,000-employee organization is nearly $4 million.
This report is based on Lookout’s data analysis from over 210 million devices, 175 million apps, and 4 million URLs daily.
