Lookout, Inc. released its 2020 Mobile Phishing Spotlight
Report that reveals there was a 37 percent increase worldwide in enterprise
mobile phishing encounter rate between the fourth quarter of 2019 and the first
quarter of 2020. The report also shows that unmitigated mobile phishing threats
could cost organizations with 10,000 mobile devices as much as $35 million per
incident, and up to $150 million for organizations with 50,000 mobile
devices.
The report highlights the different methods cybercriminals
use to make their mobile phishing campaigns more lucrative, and provides data
on global encounter rates and the potential financial risk per incident. The
phishing encounter rates are broken down by region, and by consumer and
enterprise, to provide a comprehensive understanding of the current state of
mobile phishing.
Key highlights from the Lookout 2020 State of Mobile Phishing Spotlight Report
include:
- Enterprise phishing
encounter rates tracked quarterly show sequential increases of 37.1
percent globally as well as increases of 66.3 percent in North America,
25.5 percent in EMEA and 27.7 percent in Asia Pacific.
- Examples of the
potential financial risk of up to $150 million per incident due to
unmitigated phishing risks for healthcare, manufacturing and legal
organizations.
- Research synopsis of a
real-world phishing campaign that targeted over 4,000 North American
banking customers.
- Examples of phishing
attack delivery by a wide variety of mobile apps including SMS, social
media and messaging apps in addition to email.
- Best practices for
organizations of any size to protect against and detect mobile phishing
attacks.
"Smartphones
and tablets are trusted devices that sit at the intersection of their owner's
personal and professional identity," said David Richardson, vice president of
product management at Lookout. "Cybercriminals are exploiting the ability to
socially engineer victims on their mobile device in order to steal their
credentials or sensitive private data."
Today, the number of people working away from the office is
at a record high. In order to stay productive, employees have turned to their
smartphones and tablets. Phishing has been the most commonly used method for
cybercriminals to infiltrate an organization, and businesses have deployed user
training and email phishing security to combat them. But with mobile devices, phishing risks no longer simply hide in email, but in SMS,
messaging apps, and social media platforms. In addition, with a smaller form factor
and simplified user experience, mobile devices also make it harder to spot the
tell-tale signs of a phishing link - enabling a higher success rate for the
cybercriminals attacking mobile compared to desktop devices.
"Phishing has evolved into a massive problem that expands
far beyond the traditional email bait and hook," said Phil Hochmuth,
program vice president of enterprise mobility at IDC. "On a small screen
and with a limited ability to vet links and attachments before clicking on them,
consumers and business users are exposed to more phishing risks than ever
before. In a mobile-first world, with remote work becoming the norm, proactive
defense against these attacks is critical."