Phishing attacks hit all-time high

Phishing attacks hit all-time high

Share post

More than 30 percent of businesses and consumers were exposed to mobile phishing attacks in each quarter of 2022. Heavily regulated industries such as banking and insurance were hit the hardest.

Lookout has released its Global State of Mobile Phishing Report. According to the data, 2022 saw the highest percentage of mobile phishing attacks ever, with an average of more than 30 percent of businesses and consumers exposed to these attacks each quarter. Lookout also found that users across all devices, whether personal or work, clicked more mobile phishing links than they did two years ago.

Results of the report

  • The potential financial implications of mobile phishing to a company of 5.000 employees is nearly $4 million per year.
  • Since 2021 iMobile phishing attacks have increased by approximately 10 percent on corporate devices and more than 20 percent on personal devices.
  • In the year 2022 more than 50 percent of personal devices were exposed to a mobile phishing attack each quarter.
  • The percentage of userswho fall for mobile phishing links multiple times in a year is increasing rapidly year on year.
  • Companies operating in highly regulated industries – including insurance, banking, legal, healthcare and financial services – were among those hardest hit.
  • phishing attacksNon-email-based attacks — including vishing (voice phishing), smishing (SMS phishing), and quishing (QR code phishing) — increased sevenfold in the second quarter of 2022.

Users, devices and applications are now so tightly connected that malicious threat actors can launch advanced attacks simply by stealing user data. Mobile phishing is one of the most effective tactics to steal credentials, which means that mobile phishing itself poses a significant security, compliance, and financial risk to organizations in any industry. It's likely that the rise in remote working has helped, as companies have relaxed bring-your-own-device (BYOD) policies to allow employees to access corporate networks outside of traditional security perimeters.

Mobile phishing attacks have also become more sophisticated. The proportion of corporate mobile users who click more than six malicious links per year has increased from 1,6 percent in 2020 to 11,8 percent in 2022, suggesting it is becoming increasingly difficult for employees to distinguish phishing messages from legitimate communications.

Attacks on mobile devices will continue to increase

"Mobile devices will continue to grow as a threat source, and so will hybrid working practices, introducing large numbers of unmanaged devices into the enterprise environment," said Aaron Cockerill, Lookout's chief strategy officer. “Now more than ever, organizations need to evolve their cybersecurity strategy to proactively combat mobile phishing. As one of the most effective attack vectors for threat actors, often serving as a launch pad for more advanced attacks, protecting against mobile phishing should be a top priority for organizations of all sizes.”

Lookout's Global State of Mobile Phishing report is based on data and trends derived from the manufacturer's growing mobile dataset of security telemetry. This work is done with graph-based intelligence from machines that analyze data from more than 210 million devices and 175 million applications worldwide and record four million web addresses (URLs or Uniform Resource Locators) for them every day.

More at


About Lookout

Lookout co-founders John Hering, Kevin Mahaffey, and James Burgess came together in 2007 with the goal of protecting people from the security and privacy risks posed by an increasingly connected world. Even before smartphones were in everyone's pocket, they realized that mobility would have a profound impact on the way we work and live.


Matching articles on the topic

Report: 40 percent more phishing worldwide

The current spam and phishing report from Kaspersky for 2023 speaks for itself: users in Germany are after ➡ Read more

Cybersecurity platform with protection for 5G environments

Cybersecurity specialist Trend Micro unveils its platform-based approach to protecting organizations' ever-expanding attack surface, including securing ➡ Read more

Data manipulation, the underestimated danger

Every year, World Backup Day on March 31st serves as a reminder of the importance of up-to-date and easily accessible backups ➡ Read more

Printers as a security risk

Corporate printer fleets are increasingly becoming a blind spot and pose enormous problems for their efficiency and security. ➡ Read more

The AI ​​Act and its consequences for data protection

With the AI ​​Act, the first law for AI has been approved and gives manufacturers of AI applications between six months and ➡ Read more

Windows operating systems: Almost two million computers at risk

There are no longer any updates for the Windows 7 and 8 operating systems. This means open security gaps and therefore worthwhile and ➡ Read more

AI on Enterprise Storage fights ransomware in real time

NetApp is one of the first to integrate artificial intelligence (AI) and machine learning (ML) directly into primary storage to combat ransomware ➡ Read more

DSPM product suite for Zero Trust Data Security

Data Security Posture Management – ​​DSPM for short – is crucial for companies to ensure cyber resilience against the multitude ➡ Read more