A new study from cybersecurity company Lookout has found that there is a 37% increase in enterprise mobile phishing in the first quarter of 2020. Cybercriminals now deliver phishing attacks through a wide variety of methods, including SMS, social media, and messaging apps in addition to email.
According to data collected by Lookout researchers, unmitigated mobile phishing threats could cost organizations with 10,000 mobile devices as much as $35 million per incident, and up to $150 million for organizations with 50,000 mobile devices.
“Smartphones and tablets are trusted devices that sit at the intersection of their owner’s personal and professional identity,” said David Richardson, vice president of product management at Lookout. “Cybercriminals are exploiting the ability to socially engineer victims on their mobile device in order to steal their credentials or sensitive private data.”
Attackers can also now duplicate UIs to near pixel-perfect likeness, and on mobile devices it can be hard for people to see that websites or URLs are fraudulent.
From Lookout’s data, their researchers found that 15.5% of attacks were aimed at hospitals, while 14.9% were going after professional services. Financial services enterprises came in at 10%, while manufacturing was 6.3%, and government came in fifth at 4.4%.
When broken down by region, the data shows that this is a global problem that every part of the world is facing. Enterprise phishing encounter rates tracked quarterly show sequential increases of 66.3% in North America, 25.5% in Europe, the Middle East, and Africa, and 27.7% in Asia Pacific.
“Malicious actors have taken note of how reliant we are on mobile devices. From their perspective, mobile phishing is often the cheapest way to compromise an individual or an organization. Traditionally, people think this can only happen over email, but according to Verizon, 85% of mobile phishing happens outside of email apps. Combining the fact that over 96% of mobile users have communication or social apps on their phones and organizations are sacrificing mobile security puts everyone at risk.”
This unmitigated mobile phishing threats could cost organizations with 10,000 mobile devices as much as $35 million per incident, and up to $150 million for organizations with 50,000 mobile devices.
Read more on the report