Why phishers love mobile (and how to stop them)
Thu 5 Mar 2020 | Chester Avey
Phishers are coming for employees’ smartphones. Chester Avey says businesses need to be ready
Cybercriminals are becoming increasingly sophisticated. And whilst we might associate hacking and other forms of cybercrime with attacks on computer systems and individual machines, there is a dangerous growing trend that sees mobile devices becoming a prime target. It seems that phishing – the practice of sending deceptive messages in order to trick the receiver into downloading malware or revealing their password – is being increasingly targeted towards mobiles.
It was recently revealed that a flaw common in Android phones has made over one billion devices vulnerable to a phishing attack. So, it can come as no surprise to learn that phishers are beginning to see mobile as the most lucrative target. And this is especially true because we are increasingly using mobiles in our working lives. This means phishing on mobile devices can provide criminals with valuable business data.
So here we take a look at some of the reasons that mobile is vulnerable to phishing, and what you can do to protect yourself and your business.
Multiple forms of phishing can be effective
The best-known form of phishing is, of course, email. A user might receive a very convincing email appearing to be from a well-known website, or even their business’s own internal system. This email provides a convincing reason for the user to click on a link, which takes them to a site that looks identical to their normal login page. Here they enter their details, not realising that this is not the login page at all, but rather a site created to harvest credentials.
However, this is not the only form of phishing. Another form growing in popularity is SMS phishing, in which users receive text messages and, not realising the danger, click through to the link. As it is less well known, people don’t realise it is malicious.
What you can do: provide training to staff about the dangers of SMS phishing and ensure that everyone is as informed as possible.
Phishing eliminates physical security
One of the aspects of phishing that makes it so successful against mobile is that it completely circumvents physical security measures. Other forms of cybercrime can be deterred with physical measures, such as CCTV to prevent spying on a business or even physical security barriers to protect premises from intrusion by criminals. Phishing on mobile devices is entirely digital, so it eliminates this form of protection.
What you can do: interestingly, businesses are looking for ways that physical options can be used to deter phishing attacks. Google is one of the companies taking a lead on the issue. It found that using physical security keys rather than OTP (one-time password) authentication was more effective, and that no employee who used a physical security key suffered a phishing attack.
Google actually sells these keys – known as Titan Security Keys – making them easy to get hold of. And they are very simple to use. Whenever you want to access your account you simply plug the key into your computer’s USB port. This is something that could be implemented in your business.
Users are less security savvy on mobiles
It is, unfortunately, the case that many people who follow completely sensible and cautious approaches when using computers do not apply the same standards to mobile devices. Perhaps believing that mobiles cannot be hacked or infected, users are less security savvy, and this can make them especially vulnerable to phishing.
One advantage for phishers on mobile is the smaller screen size. This means that there is less information to scrutinise on the phone – for example, you can’t hover the mouse over a link to find out where it leads. This can lead users to click on the link without thinking.
What you can do: ensure that staff are trained in how to safely use mobile devices without the risk of falling victim to phishing. You should also invest in mobile security, just as you would with antivirus software and a firewall on your computer.
One of the most frustrating aspects of people falling victim to phishing is that it is an entirely preventable issue. Phishing is successful when cybercriminals are able to deceive people, and this can only happen when users are not wise to the dangers. As phishing on mobile phones becomes more common, businesses must invest properly in not only the technology to minimise the impact of attacks, but also the training to ensure that staff are able to protect themselves.