In the span of a few short months, the number of phishing attacks targeting smartphones as the entry point to enterprise networks has risen by more than a third. Indeed, one cybersecurity company found a 37% increase in mobile phishing attacks worldwide between November 2019 and early 2020.*
As previous blog posts have observed,** phishing emails have long been an issue for desktop/laptop users. Typically, these attacks – to the extent they target desktop/laptop email applications – can be avoided because they often come with observable indicia that something may not be right. For example, the email purportedly from “Katy Cole,” originates from an email address that is noticeably not one belonging to Katy Cole or the URL is palpably suspicious.
Now, however, people are using with increased frequency their mobile devices to respond to emails where the tell-tale signs of a phishing scam are harder to spot due, in part, to smaller screens. That smaller screen, coupled with a growing trend of cybercriminals to replicate login pages so as to resemble one’s organization (especially with so many businesses relying on cloud platforms like Office 365), is cause for concern. If, under such circumstances, a user enters their username and password into a phishing page, the device user effectively gives the attacker potential access to their corporate accounts. And so, as we all multitask, work remotely, and rely more upon our mobile devises, we must be mindful of these risks when accessing content from our mobile devices.