Lookout, Inc., a leader in mobile security, released its 2020 Mobile Phishing Spotlight Report, which reveals a 37 percent worldwide increase in the enterprise mobile phishing encounter rate between the fourth quarter of 2019 and the first quarter of 2020. The report also shows that unmitigated mobile phishing threats could cost organizations with 10,000 mobile devices as much as $35 million per incident, and up to $150 million for organizations with 50,000 mobile devices.
The report highlights the different methods cybercriminals use to make their mobile phishing campaigns more lucrative, and provides data on global encounter rates and the potential financial risk per incident. The phishing encounter rates are broken down by region, and by consumer and enterprise, to provide a comprehensive understanding of the current state of mobile phishing.
Key highlights from the Lookout 2020 State of Mobile Phishing Spotlight Report include:
- Enterprise phishing encounter rates tracked quarterly show sequential increases of 37.1 percent globally as well as increases of 66.3 percent in North America, 25.5 percent in EMEA and 27.7 percent in Asia Pacific.
- Examples of the potential financial risk of up to $150 million per incident due to unmitigated phishing risks for healthcare, manufacturing and legal organizations.
- Research synopsis of a real-world phishing campaign that targeted over 4,000 North American banking customers.
- Examples of phishing attack delivery by a wide variety of mobile apps including SMS, social media and messaging apps in addition to email.
- Best practices for organizations of any size to protect against and detect mobile phishing attacks.
“Smartphones and tablets are trusted devices that sit at the intersection of their owner’s personal and professional identity,” said David Richardson, vice president of product management at Lookout. “Cybercriminals are exploiting the ability to socially engineer victims on their mobile device in order to steal their credentials or sensitive private data.”
Today, the number of people working away from the office is at a record high, says Lookout. To stay productive, employees have turned to their smartphones and tablets. Phishing has been the most commonly used method for cybercriminals to infiltrate an organization, and businesses have deployed user training and email phishing security to combat it. But with mobile devices, phishing risks no longer hide only in email; they also appear in SMS, messaging apps, and social media platforms, notes the report. In addition, the smaller form factor and simplified user experience of mobile devices make it harder to spot the tell-tale signs of a phishing link – enabling a higher success rate for cybercriminals attacking mobile devices compared to desktop devices.
“Phishing has evolved into a massive problem that expands far beyond the traditional email bait and hook,” said Phil Hochmuth, program vice president of enterprise mobility at IDC. “On a small screen and with a limited ability to vet links and attachments before clicking on them, consumers and business users are exposed to more phishing risks than ever before. In a mobile-first world, with remote work becoming the norm, proactive defense against these attacks is critical.”