One in 10 users click phishing links on mobile platforms

mobile phishing

Most web traffic is now associated with users who are mobile, so it's no surprise that hackers are using this to their advantage by crafting attacks specific to mobile platforms.

Clearly this is paying off with as many as one in 10 users clicking on mobile phishing messages according to Apple enterprise management company Jamf's latest Phishing Trends report based on information, statistics and analysis of 500,000 protected devices across 90 countries.

The findings show a 160 percent increase in mobile users falling victim to phishing over the past 12 months. This is partly because mobile use makes attacks harder to spot. Smaller screen sizes leave less space to evaluate the legitimacy of a website.

Advertisement

Phishing is also increasingly being delivered outside email. As more people have gone mobile for work they have started using more apps, which are not protected and are outside the perimeter
of the corporate network.

The lack of a padlock symbol -- previous a strong sign of a fake website -- is also no longer a reliable indicator. 93 percent of successful phishing sites are now utilizing HTTPS verification to conceal their deceitful nature, a number that has increased dramatically from 65 percent in 2018 according to the research.

Successful attacks are also making use of 'punycode' -- where words that use Unicode characters (in languages like Cyrillic, Greek and Hebrew, for example) appear as ASCII characters to form addresses that look similar to legitimate sites.

The top 10 brands used in phishing campaigns this year are: Apple, PayPal, Amazon, Chase, Facebook, Google, Twitter, Netflix, Microsoft and Wells Fargo.

The report's authors note that, "Many phishing sites are published online for only a few hours before hackers move to an entirely new hosting server. This allows them to evade detection and maintain ongoing campaigns without being blocked. The risk to users is highest in those first critical hours before static, list-based threat intelligence is updated."

You can get the full report, with tips on how to avoid falling victim, but also what to do if you have, on the Jamf site.

Image credit: Rawpixel/depositphotos.com

© 1998-2021 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.