The number of mobile phishing attacks launched has jumped by 37% as scammers and cybercriminals look to exploit millions of employees working remotely amid the pandemic.
The news comes via Lookout Inc., specialists in mobile security, who published their 2020 Mobile Phishing Spotlight Report, detailing a 37% increase in the fourth quarter of 2019 into the first quarter of 2020, specifying that manufacturers, legal organisations and healthcare providers are particularly vulnerable to being targeted by a third-party.
Lookout Inc’s report shows that the steepest jump was recorded in the United States, with a 66% increase in the number of mobile phishing attacks, surely made worse by the number of people working remotely and letting their guard down in terms of cybersecurity.
What’s more, the report points out that for organisations handing out devices to their employees, the potential costs if someone, or the organisation were to be compromised are extreme. If an organisation with 10,000 devices were to be targeted by a mobile phishing campaign, a single incident could result in up to $35 million worth of damage. For a business with up to 50,000 devices, a single phishing campaign could result in $150 million in damages for the organisation to adequately address.
Authors of the report noted that organisations are becoming more proactive in terms of cybersecurity, but there is still some serious work to do in terms of training staff to identify scam and phishing attacks on their mobile device. The problem is very much compounded by the fact that millions of people have a phone provided to them by their employer, and that gives cybercriminals a direct portal for a potential email, SMS, application or social media scam that purports to be their employer, a supplier, or a customer.
Vice president of product management at Lookout, David Richardson says that “smartphones and tablets are trusted devices that sit at the intersection of their owner’s personal and professional identity. Cyber-criminals are exploiting the ability to socially engineer victims on their device in order to steal their credentials or sensitive private data.”
Looking across the globe, there was a 27.7% increase in the number of phishing encounter rates in Europe, the Middle East and Africa, and a noted 25.5% in the Asia Pacific region.
Phil Hochmuth, vice president of enterprise mobility at IDC said that “phishing has evolved into a massive problem that expands far beyond the traditional email bait and hook.”
“On a small screen and with a limited ability to vet links and attachments before clicking on them, consumers and business users are exposed to more phishing risks than ever before. In a mobile-first world, with remote work becoming the norm, proactive defense against these attacks is critical,” Hochmuth concluded.
As we reported last week, another recent trend in the cybersecurity world has been a noticeable rise in the number of ransomware attacks – whereby a hacker encrypts an organisation’s or individual’s data – until a ransom is paid, usually in the form of bitcoin. This problem is being exacerbated by the fact that hackers have begun increasing the cost of the ransom by as much as 950%. This has been driven by the fact that hackers realise an organisation is desperate to regain access to their data.
There has also been the recent story of easyJet facing billions of dollars in damages after a damaging data beach saw details of millions of its customers leaked online.
If you and your organisation would like to avoid things like this happening, click here for more information on our ISO 27001 – Information Security Management System – Quality Management Systems, or for your free ISO 27001 Gap Analysis Checklist, please click here.