Two thirds of mobile phishing attacks take place on iOS devices, whose users experience twice as many attacks as Android users, while gaming apps are revealed as the most common source of mobile data security breaches attempted by hackers.
Contrary to public perception, data from a new report reveals that 81 per cent of mobile phishing attacks now take place outside of email, suggesting that a sole reliance on spam filters could leave businesses exposed to a multitude of threats.
A sample of more than 100,000 corporate devices was analysed to understand how much traffic goes to suspicious domains deemed phishing sources, which form part of the hundreds of thousands of live phishing domains active at any time.
What is phishing?
Put simply, phishing is a method used by hackers to retrieve personal information such as passwords and bank details when victims click on an unsolicited link. These are often received through an application or site that they wrongly believe to be a trustworthy source, for example, a social media message from an apparent colleague.
Where does mobile traffic to phishing sites originate?
Gaming – 25.6 per cent
Email – 18.9 per cent
Sports – 13.3 per cent
News and weather – 13.1 per cent
Productivity – 9.4 per cent
Social media – 8.1 per cent
Messaging (such as Messenger, WhatsApp) – 6.4 per cent
Travel – 6.1 per cent
Ecommerce – 5.8 per cent
Music – 5.6 per cent
Dating – 5 per cent
Food and drink – 2.2 per cent
Finance – 1.1 per cent
Health and fitness – 0.6 per cent
What methods are used?
Gaming makes up a quarter of all phishing attacks as hackers choose to quickly assemble lightweight and popular game copies to capitalize upon player tastes; for example, by providing alternative free clones of Football Manager or Mario. Hackers use this method to harvest user data and to capitalize on social exchanges between players, sometimes even on legitimate gaming apps.
For businesses, email, productivity, social media, messaging and travel apps all pose a particular risk. A dangerous example of phishing involved a COO of a well-known media company who received WhatsApp messages with seemingly accurate information. Additionally, he received an email from an almost identical workplace domain name from an apparent colleague, resulting in a breach through a shared link after trust had been built up between him and the imposter.
Planted comments from hackers on news articles and the creation of fake news posts can also be used as methods of distribution. Let’s not forget the one in twenty phishing attacks taking place on dating apps and sites, with those hoping to be lucky-in-love getting more than they bargained for as hackers use fake profiles to reel in victims and encourage them to share personal information.
Tips to prevent phishing and spot the signs
- Implement an education program to help employees understand the importance of remaining alert to phishing attempts, both at home and at work
- Double check the domain names of links even if they seem trustworthy
- Don’t engage with unknown or suspicious senders
- Perform extra checks when being asked for sensitive information even if it appears to be from a trusted source
- Beware of shortened URLs such as Bitly and Ow.ly links
- Make your devices Wandera-enabled to monitor and intercept web traffic that is heading towards suspicious domains
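
The domain checks in the tips above (near-identical workplace domains, shortened URLs) can be automated before a link is opened. The following is an added example, not code from the report or from Wandera; the trusted domain `newsroom.example`, the function names, the distance threshold and the use of the last two host labels as the registrable domain are all assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample values (assumptions, not from the article).
TRUSTED = {"newsroom.example"}     # the organisation's own domains
SHORTENERS = {"bit.ly", "ow.ly"}   # shorteners hide the real destination

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url, trusted=TRUSTED, shorteners=SHORTENERS, max_dist=2):
    """Classify a link as trusted, shortener, lookalike:<domain> or unknown."""
    if "://" not in url:               # links pasted without a scheme
        url = "//" + url
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "unknown"
    if not host.isascii():             # homoglyphs such as a Cyrillic "a"
        return "lookalike:non-ascii"
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    if any(host == s or host.endswith("." + s) for s in shorteners):
        return "shortener"
    # Approximation: treat the last two labels as the registrable domain.
    base = ".".join(host.split(".")[-2:])
    for d in sorted(trusted):
        # Trusted name used as a subdomain prefix, or a near-miss spelling.
        if d in host or edit_distance(base, d) <= max_dist:
            return "lookalike:" + d
    return "unknown"

if __name__ == "__main__":
    for link in ("https://portal.newsroom.example/login",
                 "https://newsr00m.example/reset",
                 "https://newsroom.example.login.test/",
                 "ow.ly/abc123"):
        print(link, "->", check_link(link))
```

A "shortener" or "lookalike" result is a prompt for the extra checks listed above, not proof of phishing; an "unknown" result is not a clean bill of health either.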