Cybercriminals are changing their tactics, methods, and procedures during the COVID-19 health crisis and are targeting remote employees by using COVID-19 related lures in their phishing emails. The number of phishing attacks focused on people using mobile devices such as smartphones and tablets has sharply increased as per the latest report by Lookout mobile security company.
Throughout the world, there was a 37% increase in mobile phishing attacks on corporate users from Q4 of 2019 to the end of Q1 of 2020. In North America, there was even a 66.3% increase in mobile phishing attacks. Attackers are targeting remote employees in particular industry sectors like healthcare and financial providers.
Though the big increase in mobile phishing attacks is ascribed to the shift in working practices because of the COVID-19 pandemic, mobile phishing attacks have been steadily rising in the past few quarters. The success rate of phishing attacks targeting mobile device users appears to be higher because users are more inclined to click links than if they are working on a desktop or laptop computer since the phishing URLs are more difficult to recognize as malicious on little screen sizes.
Although the full link is probably shown on a laptop computer or desktop, a mobile device will just show the last part of the link, which would make the link look authentic on mobile devices. If doing a job from home, workers more likely to choose to use their mobile phones to do tasks to remain productive particularly those who have no large screens or multiple monitors at home.
Mobile devices usually do not have a similar level of security as laptops and office computers, so it is less probable to stop phishing messages. There are additionally more ways that phishing links may be delivered to mobile devices than laptop computers and desktops. On a desktop, phishing links will typically be delivered via email, but on mobile devices, they can easily be delivered via email, messaging apps, SMS, and social media and dating apps. There is also a tendency for mobile device users to work more quickly and not stop to consider whether a request is legit, even if they may be especially cautious on a laptop or desktop.
The increase in phishing attacks directed at mobile gadget users is a security issue and one that must be dealt with by company employers via education and training on security awareness, particularly with remote workers. Phishing awareness training must tackle the threat of mobile phishing attacks and demonstrate how links can be previewed on mobile gadgets and other measures that must be taken to check valid requests.
If the message seems to comes from somebody you know but appears like a weird ask or takes you to a peculiar webpage, get in touch with that person directly, and confirm the communication. When doing remote work, it’s even more essential to confirm any sort of unusual communication.
Education only may not be adequate. Security software must also be utilized on mobile devices to better protect end-users from phishing and malware attacks.