More than 30 percent of businesses and consumers were exposed to mobile phishing attacks in each quarter of 2022. Heavily regulated industries such as banking and insurance were hit the hardest.
Lookout has released its Global State of Mobile Phishing Report. According to the data, 2022 saw the highest percentage of mobile phishing attacks ever, with an average of more than 30 percent of businesses and consumers exposed to these attacks each quarter. Lookout also found that users across all devices, whether personal or work, clicked more mobile phishing links than they did two years ago.
Results of the report
- The potential financial implications of mobile phishing to a company of 5.000 employees is nearly $4 million per year.
- Since 2021 iMobile phishing attacks have increased by approximately 10 percent on corporate devices and more than 20 percent on personal devices.
- In the year 2022 more than 50 percent of personal devices were exposed to a mobile phishing attack each quarter.
- The percentage of userswho fall for mobile phishing links multiple times in a year is increasing rapidly year on year.
- Companies operating in highly regulated industries – including insurance, banking, legal, healthcare and financial services – were among those hardest hit.
- phishing attacksNon-email-based attacks — including vishing (voice phishing), smishing (SMS phishing), and quishing (QR code phishing) — increased sevenfold in the second quarter of 2022.
Users, devices and applications are now so tightly connected that malicious threat actors can launch advanced attacks simply by stealing user data. Mobile phishing is one of the most effective tactics to steal credentials, which means that mobile phishing itself poses a significant security, compliance, and financial risk to organizations in any industry. It's likely that the rise in remote working has helped, as companies have relaxed bring-your-own-device (BYOD) policies to allow employees to access corporate networks outside of traditional security perimeters.
Mobile phishing attacks have also become more sophisticated. The proportion of corporate mobile users who click more than six malicious links per year has increased from 1,6 percent in 2020 to 11,8 percent in 2022, suggesting it is becoming increasingly difficult for employees to distinguish phishing messages from legitimate communications.
Advertising
Subscribe to our newsletter now
Read the best news from B2B CYBER SECURITY once a month
Expand for details on your consent
It goes without saying that we handle your personal data responsibly. If we collect personal data from you, we process it in compliance with the applicable data protection regulations. Detailed information can be found in our
Privacy Policy. You can unsubscribe from the newsletter at any time. You will find a corresponding link in the newsletter. After you have unsubscribed, your data will be deleted as soon as possible. Recovery is not possible. If you would like to receive the newsletter again, simply order it again. Do the same if you want to use a different email address for your newsletter. If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or only collected on a voluntary basis. We use newsletter service providers, which are described below, to process the newsletter.
CleverReach
This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter “CleverReach”). CleverReach is a service that can be used to organize and analyze the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter (e.g. email address) will be stored on the CleverReach servers in Germany or Ireland. Our newsletters sent with CleverReach enable us to analyze the behavior of the newsletter recipients. This can include It is analyzed how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analyzed whether a previously defined action (e.g. purchase of a product on this website) took place after clicking on the link in the newsletter. Further information on data analysis by CleverReach newsletter is available at:
https://www.cleverreach.com/de/funktionen/reporting-und-tracking/. The data processing takes place on the basis of your consent (Art. 6 Para. 1 lit. a DSGVO). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation. If you do not want an analysis by CleverReach, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you have canceled the newsletter. Data stored by us for other purposes remain unaffected. After you have been removed from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist is only used for this purpose and is not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). Storage in the blacklist is not limited in time.
You may object to the storage if your interests outweigh our legitimate interest.
For more information, see the privacy policy of CleverReach at:
https://www.cleverreach.com/de/datenschutz/.
Data processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.
Attacks on mobile devices will continue to increase
"Mobile devices will continue to grow as a source of threats, and hybrid working will also continue to grow, introducing large numbers of unmanaged devices into the enterprise environment," said Aaron Cockerill, chief strategy officer at Lookout. "Now more than ever, it is important for organizations to evolve their cybersecurity strategy to proactively combat mobile phishing. As one of the most effective attack areas for threat actors, often serving as a launching pad for more advanced attacks, protecting against mobile phishing should be a top priority for organizations of all sizes."
Lookout's Global State of Mobile Phishing report draws on data and trends derived from the vendor's ever-growing mobile security telemetry dataset, which is performed using graph-based intelligence from machines that analyze data from more than 210 million devices and 175 million applications worldwide, and ingest four million web addresses (URLs or Uniform Resource Locators) every day.
More at Lookout.com
About Lookout
Lookout co-founders John Hering, Kevin Mahaffey, and James Burgess came together in 2007 with the goal of protecting people from the security and privacy risks posed by an increasingly connected world. Even before smartphones were in everyone's pocket, they realized that mobility would have a profound impact on the way we work and live.
Matching articles on the topic
