Enterprise mobile phishing encounters increased 37 percent in the first quarter of 2020 compared to the fourth quarter of 2019, according to the Lookout 2020 Mobile Phishing Hotspots Report.
North America saw a particularly high growth of 66.3 percent, the result of an unprecedented increase in the number of people working from home as a result of the COVID-19 crisis.
While the authors acknowledge that organizations have worked to defend against the threat of phishing by educating employees and deploying email phishing security software, cybercriminals are increasingly targeting mobile devices.
With this approach, the risk of phishing no longer needs to be simply hidden in emails, but can be targeted to users via SMS, messaging apps and social media platforms.
Currently, this is a particular problem, with many employees using personal devices such as smartphones and tablets to work remotely to increase productivity.
Lookout points out that detecting phishing link features through mobile devices is more difficult than using email because of its smaller size and simplified user experience. This makes it possible for cybercriminals to attack mobile devices with a higher success rate compared to desktops.
Phil Hochmuth, vice president of IDC's Enterprise Mobility Program, explains, "Phishing has evolved into a huge problem that goes far beyond traditional email bait and hook." "On small screens, with limited ability to review links and attachments before clicking on them, consumers and business users are exposed to more phishing risks than ever before, In a mobile-first world, where remote work is the norm, proactive defense against these attacks is critical."
The report also calculates that unmitigated mobile phishing threats have the potential to cost businesses with 50,000 mobile devices up to $150 million per incident.
David Richardson, vice president of product management at Lookout, commented: "Smartphones and tablets are trusted devices that sit at the intersection of their owners' personal and professional identities. Cybercriminals are using the ability to socially engineer their victims on mobile devices to steal their credentials or sensitive private data."