While many users are quite familiar with what phishing looks like on the desktop, these same users are not as familiar with smishing or vishing-and other types of phish one might encounter on the mobile-as they are with email phishing. A mobile device’s inherent design and features have made it possible for phishers to create ways on how they can get into users’ heads and get their hands on vital personal and business data. Phishing attacks are no longer exclusive to emails, especially on mobile.
They also claim that iOS users are 18X more likely to fall for a phish than to download malware.
Wandera stated that 48% of phishing attacks happen on mobile.Such attacks are said to be non-existent before 2015 but have more than doubled in two succeeding years. This same PhishLabs report has also noted a dramatic increase of phishing campaigns banking on the trust of users towards software-as-a-service (SaaS) companies (7.1%).This suggests that there is an increasing trend of phishing campaigns targeting businesses. PhishLabs stated in its “2018 Phishing Trends & Intelligence Report”(PDF) that Email/Online Services is the top targeted industry in the second half of 2017 (26.1%), with a high concentration of phishing URLs mimicking Microsoft Office 365 login pages.This is due to its increased media reporting in 2017, which they believe will continue to trend, especially in countries with low awareness of mobile phishing. In their report, “2018 State of Phish”, Wombat Security hailed smishing, short for SMS phishing, as the attack vector to watch.With Google now labeling non-HTTPS website as “Non-Secure,” expect to see more phishers abuse the accepted concept that HTTPS sites are trustworthy and legitimate.
This same APWG report also claims that 35% of all phishing sites were using HTTPS and SSL certificates.In the latest “Phishing Activity Trend Report”(PDF), the Anti-Phishing Working Group (APWG) has revealed that the Payments industry continues to rank as the top targeted sector by phishing threat actors (36%) in Q1 2018.
In the whitepaper “Mobile phishing 2018: Myths and facts facing every modern enterprise today”(PDF), Lookout has determined that the rate at which users are tapping phishing links has grown an average of 85% since 2011.Mobile phishing by the numbersīelow is a quick rundown of current noteworthy mobile phishing statistics to date:
Surprisingly, phishers seem to have tipped the scales to a new preferred target: iPhone users. Wandera, a mobile security solutions provider, has observed that iOS users experience twice as many phishing attacks compared to their Android counterparts. This claim was based on accessed log files found on Web servers used to host websites involved in phishing campaigns.Īlmost a decade later, we continue to see different organizations reporting an increased trend in phishing attacks targeting the mobile market. In a report published in 2011, IBM revealed that mobile users are three times more likely to fall for phishing scams compared to desktop users.