Increase in Mobile Phishing Attacks Highlight Need for Endpoint Security Solutions - CWPS

Posted by Gary Utley on August 14, 2018

A recent report from Lookout shows that mobile ransomware is on the rise. Mobile devices are frequently the most effective attack vector for cyber criminals looking to infect a business network. Ransomware can be devastating to an organization, grinding business processes to a halt and costing a company in time, money, and reputation. Endpoint security solutions are the answer.

Mobile Ransomware is On the Rise

In Lookout's study, 56% of users both received and clicked on a phishing URL on their mobile device -- and the situation is only getting worse. Between 2011 and 2018, the number of users clicking on phishing links increased an average of 85% year-over-year, every year. Users are becoming more accustomed to doing a significant volume of work on their mobile devices, and consequently, they are more willing to click on links that might otherwise be suspicious.

Over 66% of emails are now opened first on mobile devices, with email being the most common messaging format for cyber criminals. But phishing attacks don't just occur through email: they also occur through instant messaging. 25% of employees in the Lookout study were willing to click on links from spoofed instant messaging accounts.

All-in-all, studies have shown that people on phones are 3 times as likely to click on a suspicious link as those on desktops. Part of this is because mobile phones display web content differently, stripping out many of the identifying factors of a fake or spoofed email.

Why Are Cyber Criminals Targeting Mobile Devices?

As noted above, mobile devices are the most vulnerable platforms. Users on mobile devices are more willing to click on suspicious links, for the following reasons:

  • Mobile browsers often don't display full URLs -- and users can't "hover over" a URL to make sure that it's going where they expect it to.

  • Mobile devices often don't have any type of internal scanning technology, or if they do, it's designed to pick up malware and viruses rather than phishing attempts.

  • Mobile users are inundated with information today, and may not be paying attention to each individual email or message they receive.

But that's not the only reason why mobile devices are valuable. Mobile devices often have access to corporate networks and can be used to intrude upon otherwise secure network environments. Mobile devices may have sensitive and confidential information on them, as many employees complete work while on-the-go. In terms of phishing attempts and ransomware, a single infected mobile device could easily infect the entirety of a network. 

How to Improve Mobile Device Security

To defeat mobile phishing attacks, organizations need to protect their endpoints with better mobile device security. Endpoint security solutions, such as Cylance Protect, scan and secure end-user devices for threats. By placing an agent on each device -- which can be a smartphone, tablet, or other "smart" system -- the endpoint security system is able to ensure that malicious code is not launched on that device. In so doing, it can protect the network itself. 

Endpoint security solutions create a consolidated platform where IT professionals and security teams are able to view the network and its devices at-a-glance. If devices need to be updated, have quarantined items, or are exhibiting signs of infection, the IT department can quickly follow up and mitigate the damage.

Ransomware threats are only becoming more detailed and complex, and every mobile device connected to your network increases your risk. To learn more about mobile device security and how to protect your business from phishing attacks, contact CWPS.

2019 Cybersecurity Threats Ebook

Topics: Office 365 EMS