Study shows the cost of unmitigated mobile phishing risks can be in the tens of millions of dollars
There was a 37% increase worldwide in the enterprise mobile phishing encounter rate between the fourth quarter of 2019 and the first quarter of 2020, according to Lookout’s 2020 Mobile Phishing Report. The report also shows that unmitigated mobile phishing threats could cost organizations with 10,000 mobile devices as much as USD 35 million per incident, and up to USD 150 million for organizations with 50,000 mobile devices.
The report highlights the different methods cybercriminals use to make their mobile phishing campaigns more lucrative, and provides data on global encounter rates and the potential financial risk per incident. The phishing encounter rates are broken down by region, and by consumer and enterprise, to provide a comprehensive understanding of the current state of mobile phishing.
Key highlights from the report include:
- Enterprise phishing encounter rates tracked quarterly show sequential increases of 37.1% globally as well as increases of 66.3% in North America, 25.5% in EMEA and 27.7% in Asia Pacific.
- Examples of the potential financial risk of up to USD 150 million per incident due to unmitigated phishing risks for healthcare, manufacturing and legal organizations.
- Research synopsis of a real-world phishing campaign that targeted over 4,000 North American banking customers.
- Examples of phishing attack delivery by a wide variety of mobile apps including SMS, social media and messaging apps in addition to email.
- Best practices for organizations of any size to protect against and detect mobile phishing attacks.
“Smartphones and tablets are trusted devices that sit at the intersection of their owner’s personal and professional identity,” said David Richardson, vice president of product management at Lookout. “Cybercriminals are exploiting the ability to socially engineer victims on their mobile device in order to steal their credentials or sensitive private data.”
Today, the number of people working away from the office is at a record high. In order to stay productive, employees have turned to their smartphones and tablets. Phishing has been the most commonly used method for cybercriminals to infiltrate an organization, and businesses have deployed user training and email phishing security to combat it. But with mobile devices, phishing risks no longer hide only in email, but also in SMS, messaging apps, and social media platforms. In addition, with a smaller form factor and simplified user experience, mobile devices make it harder to spot the tell-tale signs of a phishing link, enabling a higher success rate for cybercriminals attacking mobile devices compared to desktop devices.
“Phishing has evolved into a massive problem that expands far beyond the traditional email bait and hook,” said Phil Hochmuth, program vice president of enterprise mobility at IDC. “On a small screen and with a limited ability to vet links and attachments before clicking on them, consumers and business users are exposed to more phishing risks than ever before. In a mobile-first world, with remote work becoming the norm, proactive defense against these attacks is critical.”