Lookout, Inc. released its
Global State of Mobile Phishing report.
According to Lookout data, 2022 had the highest percentage of mobile
phishing encounter rates ever, with an average of more than 30% of
personal and enterprise users exposed to these attacks every quarter.
Lookout also found that users on all devices - whether personal or work
provided - are tapping more on mobile phishing links in comparison to
just two years ago.
Report findings also include:
- The potential annual financial impact of mobile phishing to an organization of 5,000 employees is nearly $4 million.
- Since 2021, mobile phishing encounter rates have increased roughly
10% for enterprise devices and more than 20% for personal devices.
- In 2022, more than 50% of personal devices were exposed to a mobile phishing attack every quarter.
- The percentage of users falling for multiple mobile phishing links in a year is increasing rapidly year over year.
- Organizations operating in highly regulated industries - including
insurance, banking, legal, healthcare and financial services - were the
most heavily targeted enterprises.
- Non-email based phishing attacks are growing rapidly, with vishing
(voice phishing), smishing (SMS phishing) and quishing (QR code
phishing) increasing seven-fold in the second quarter of 2022.
Users, endpoints and applications are now so closely connected that
threat actors can initiate advanced attacks simply by stealing user
credentials. Mobile phishing is one of the most effective tactics to
steal login credentials, which means that mobile phishing itself poses
significant security, compliance, and financial risk to organizations in
every industry. It is likely that the rise of remote work has
contributed to this, as organizations relax bring-your-own-device (BYOD)
policies to accommodate employees accessing corporate networks outside
the traditional security perimeter.
Mobile phishing attacks are also growing more sophisticated. The
share of mobile users in enterprise environments clicking on more than
six malicious links annually has jumped from 1.6% in 2020 to 11.8% in
2022, indicating that users are having a tougher time distinguishing
phishing messages from legitimate communications.
"Mobile as a threat surface will continue to grow, and hybrid work
continues to grow in tandem, introducing huge numbers of unmanaged
devices into the enterprise environment," said Aaron Cockerill,
chief strategy officer at Lookout. "It is more important now than ever
for organizations to evolve their cybersecurity strategy to proactively
combat mobile phishing. As one of the most effective attack vectors for
threat actors, often serving as a starting-point for more advanced
attacks, mobile phishing protection should be a top priority for
organizations of any size."
The Global State of Mobile Phishing report from Lookout is based on
data and trends derived from Lookout's ever-growing mobile dataset of
security telemetry, which is built on graph-based machine intelligence
that analyzes data globally from more than 210 million devices, 175
million applications and ingests four million URLs daily.
Download Lookout's Global State of Mobile Phishing Report