There was a 37 percent increase worldwide in enterprise mobile phishing encounter rate between the fourth quarter of 2019 and the first quarter of 2020, according to Lookout.
The report also shows that unmitigated mobile phishing threats could cost organizations with 10,000 mobile devices as much as $35 million per incident, and up to $150 million for organizations with 50,000 mobile devices.
“Cybercriminals are exploiting the ability to socially engineer victims on their mobile device in order to steal their credentials or sensitive private data.”
Today, the number of people working away from the office is at a record high. In order to stay productive, employees have turned to their smartphones and tablets.
Phishing has been the most commonly used method for cybercriminals to infiltrate an organization, and businesses have deployed user training and email phishing security to combat them. But with mobile devices, phishing risks no longer simply hide in email, but in SMS, messaging apps, and social media platforms.
In addition, with a smaller form factor and simplified user experience, mobile devices also make it harder to spot the tell-tale signs of a phishing link – enabling a higher success rate for the cybercriminals attacking mobile compared to desktop devices.
“Phishing has evolved into a massive problem that expands far beyond the traditional email bait and hook,” said Phil Hochmuth, program vice president of enterprise mobility at IDC.
“On a small screen and with a limited ability to vet links and attachments before clicking on them, consumers and business users are exposed to more phishing risks than ever before. In a mobile-first world, with remote work becoming the norm, proactive defense against these attacks is critical.”