Two-thirds of mobile phishing attacks take place on iOS devices, whose users experience twice as many attacks as Android users (63 vs 37 per cent respectively), and gaming apps are revealed as the most common source of mobile data security breaches attempted by hackers.
Contrary to public perception, data from a new report reveals that 81 per cent of mobile phishing attacks now take place outside of email, suggesting that a sole reliance on spam filters could leave businesses exposed to a multitude of threats.
Enterprise mobile security and data management provider Wandera analysed a sample of more than 100,000 corporate devices to understand how much traffic is going to suspicious domains deemed phishing sources, which form part of the hundreds of thousands of live phishing domains active at any time.
What is phishing?
Put simply, phishing is a method used by hackers to retrieve personal information such as passwords and bank details when victims click on an unsolicited link. Such links are often received through an application or site that victims wrongly believe to be a trustworthy source, for example, a social media message from an apparent colleague.
Where does mobile traffic to phishing sites originate? (figures in per cent)
- Gaming (25.6)
- Email (18.9)
- Sports (13.3)
- News and weather (13.1)
- Productivity (9.4)
- Social media (8.1)
- Messaging (such as Messenger, WhatsApp) (6.4)
- Travel (6.1)
- Ecommerce (5.8)
- Music (5.6)
- Dating (5)
- Food and drink (2.2)
- Finance (1.1)
- Health and fitness (0.6)
What methods are used?
Gaming makes up a quarter of all phishing attacks as hackers choose to quickly assemble lightweight and popular game copies to capitalize upon player tastes; for example, by providing alternative free clones of Football Manager or Mario. Hackers use this method to harvest user data and to capitalize on social exchanges between players, sometimes even on legitimate gaming apps.
For businesses, email, productivity, social media, messaging and travel apps all pose a particular risk. A dangerous example of phishing involved a COO of a well-known media company who received WhatsApp messages with seemingly accurate information. Additionally, he received an email, apparently from a colleague, sent from a domain name almost identical to that of his workplace, resulting in a breach through a shared link after trust had been built up between him and the imposter.
Planted comments from hackers on news articles and the creation of fake news posts can also be used as methods of distribution. Let’s not forget the one in twenty phishing attacks taking place on dating apps and sites, with those hoping to be lucky-in-love getting more than they bargained for as hackers use fake profiles to reel in victims and encourage them to share personal information.
Tips to prevent phishing and spot the signs
- Implement an education program to help employees understand the importance of remaining alert to phishing attempts, both at home and at work
- Double check the domain names of links even if they seem trustworthy
- Don't engage with unknown or suspicious senders
- Perform extra checks when being asked for sensitive information even if it appears to be from a trusted source
- Beware of shortened URLs such as Bitly and Ow.ly links
- Make your devices Wandera-enabled to monitor and intercept web traffic that is heading towards suspicious domains