Published 14 Jun 2020

Cybersecurity firm Lookout has published analysis revealing that mobile-oriented phishing attacks increased by 37% between the fourth quarter of last year and the first quarter of this year.

Phishing attacks have long been a problem on desktop machines, but wary users can often identify them through various warning flags. For example, they may notice that an email address is suspicious, or, when they hover the mouse over a hyperlink, that it links to a different website address. In contrast, equivalent smartphone apps are by necessity designed to function on a much smaller screen, so the same warning flags may not be as visible, which may explain why cybercriminals are increasingly directing their phishing campaigns toward mobile devices.

A Lookout senior manager, Hank Schless, explained when speaking to ZDNet:

“It's difficult to spot red flags that we normally detect on a laptop or PC on such a small mobile screen. Since we can't preview links, see full URLs in mobile browsers, and quickly tap anything that comes our way, malicious actors are investing their time and energy into making these campaigns undetectable to the untrained eye.”

Using these techniques, cybercriminals can potentially trick targets into giving up authentication details, including banking details. For example, Lookout encountered a phishing campaign purporting to be from a prominent bank in Canada. Those clicking on the link were directed to an accurate imitation of the bank’s genuine login page.

In addition to stealing from individuals, such phishing campaigns can also have consequences for the organisations the targets belong to. Schless said about this:

“The line between a personal device and a work device will get blurrier, and attackers know that they can use platforms outside the protection of traditional corporate security policies to gain access to an organisation's infrastructure.”

To give an example of this, the Microsoft 365 productivity suite is very popular because its cloud-based technologies enable people to easily work from anywhere and collaborate with others, even over large geographical distances. Due to this popularity, phishing campaigns often seek to harvest login credentials for it. If someone in your organisation unwittingly gives up his or her login credentials, the cybercriminal will gain access to all that person’s data, such as emails and documents, as well as any data that is shared with that user. Even if this is not valuable in itself, it may prove useful in further activity, such as initiating more focused spear-phishing attacks against others in the organisation, as well as customers, suppliers, and partners.

At Pro-Networks, we recommend using multifactor authentication with Microsoft 365, so that any username and password must be accompanied by at least one other mechanism, such as a code sent over SMS or, preferably, an authenticator app. As part of our office IT support, we can even take over the administrative aspects of Microsoft 365, such as adding new users and securing their accounts, as well as ensuring that the correct licences are being used.

 
