Mobile phishing links attacks has grown

As per the report published by Lookout, the universal leader in mobile security, there has been an ever-increasing growing risk of phishing on mobile devices. Since 2011, Lookout has been observing the increasing rate as 85% per year at which users are clicking on phishing links on their mobile phones.

Another serious concern is that about 56% of users who got phishing links clicked on the URL unintentionally. Evidently, this lapse on the part of users has sidestepped the accessible protection offered by mobiles. Typically, a user clicked on a mobile phishing link as a minimum six times per year.

 The global security company in the report examined the current state of mobile phishing. They further gave details that cyber criminals are successfully avoiding the phishing protections, and subsequently, targeting the mobile phones to carry out their illegal activities. As a result, these hackers manage to steal confidential data and personal details at an ever-increasing rate.

As reported, more than 66% of emails that were accessed on mobile device constituted the main point of attack by the hackers. These suspicious and vulnerable emails on a mobile device can easily develop into a new possibility for attack. There are many business organizations that protect their systems for email-based phishing attacks. These establishments make use of customary firewalls and protected email gateways. Besides, nowadays, people are getting more careful so as to recognize and manage phishing attacks. On the other hand, the mobile phones are lacking to recognize and block phishing attacks. Both the users and currently available security technologies are finding it difficult to deal with this situation.

The universal security company also asserts that on hand phishing protections are not sufficient for mobiles. This is due to the fact that mobile phones have small display screens, and so, it becomes somewhat difficult to make out whether it’s a genuine login page or a fake one. As observed, the only possible attack point on mobile phones is an email, in which the malicious links gain entry and when accessed, they lead to compromising the entire secret data.

Another form that offers an opportunity to the hackers to make attacks is SMS and MMS. Also, popular social media apps and messaging platforms such as Facebook, WhatsApp, and Instagram are frequently used by attackers. Unluckily, more than 25% of employees by chance clicked on a link in the mobile’s SMS message and got defrauded.

Even one hacker utilized a non-email way of phishing. He used ViperRAT that permitted him to gain an illegal access to the mobile’s data, including SMS messages. He got himself into conversations with persons after creating fake woman profile on social media platforms. Just the once, he established their faith, the imposter asked the persons to download an app, so as to make communication easier and simplified.

In another instance, one cyber criminal targeted Android and iOS users via Facebook Messenger. He told that a YouTube video features them. When the victims clicked on the link offered, the user was asked to login fraudulent Facebook login page. Actually, this illegal exercise was meant to steal their secret information.

Lookout also revealed that users are three times more prone to click on a doubtful link on a mobile phone in comparison to a computer. It is only due to the fact the mobile’s screen is small, and the user can’t make out the entire link clicked by them. Moreover, there isn’t at all times a firewall to maintain the device protected, as in the case of a computer system.

The phishing attacks on mobile devices are increasing at a higher rate. Some of the most refined attacks appear from mAPTs (mobile advanced persistent threats). The most recent mAPT attacks to mobile have been reported in Pegasus and Dark Caracal.

There are some applications that have links or URLs in the codebase to share information in real-time. Thus, hackers can misuse this links for phishing purposes. In this respect, the corporations should pay more attention to “benign apps” that pose threat as malicious links.

Lookout gave details that the apps that are frequently used for advertising to make revenue money integrate ad SDKs into their code. These SDKs have URLs or links to display ads to the users. If a benign app utilizes an ad SDK run by a cyber criminal; the SDK is made to access malicious URLs or links with the aim of displaying ads, and therefore, the user gets compelled into entering susceptible data.


Post a Comment