Smartphones have become synonymous with everyday business operations, enabling employees to store important contact details, browse the web and reply to emails while on the move. However, the ubiquity of such devices has led scammers to increasingly target them with a variety of phishing attacks – all designed to convince individuals to part with sensitive personal and corporate information.
With banking details, phone numbers and email addresses all commonly stored on them, a successful attack on an employee’s smartphone could have devastating consequences, both for that individual and for your organisation. This threat is even more daunting considering that the click rate for suspicious URLs on mobile has increased 85% year-over-year since 2011.
With this in mind, it is vital that business leaders educate themselves on the types of attacks that today’s scammers are using, and advise employees on how best to protect themselves.
A new school of phish
Almost everyone has seen a dubious email hit their inbox at one time or another, seemingly from a legitimate source such as PayPal or Apple. At a cursory glance, these emails can look like the real thing, but tell-tale signs like frequent spelling errors and obviously false email addresses can help users identify a disguised phishing attack.
Unfortunately, these signs can be far less obvious when received on a mobile device, as email headers and URLs are often hidden. As such, it’s worth encouraging employees to double-check the sender’s details, take note of impersonal address and avoid clicking on any suspicious links.
But some more sophisticated scams can be even less obvious and, again, can be extremely damaging when targeting a mobile device. For example, spear-phishing attacks occur when a scammer creates an email that perfectly imitates genuine correspondence, often from senior members of staff within the same organisation.
In these cases, the scammer will research company websites and social media channels to build a comprehensive profile of an employee to fool unsuspecting users. The scammer will usually target junior members of teams, requesting confidential information or encouraging them to click on links that will download malware, which can be particularly disastrous on Android phones, which tend not to have the rigorous in-built security that their iPhone counterparts do. Always advise staff members to check with your IT department or managed service provider before engaging with correspondence like this.
However, it’s not just email that modern hackers are utilising. Social media has now become the go-to platform for phishers who want to extract crucial company information from unsuspecting staff. For a hacker, social media is a great place to start building a picture of exactly who you are in preparation of launching a phishing attack, and some have even resorted to sending suspicious links via messenger platforms. Investigating the privacy settings on such sites (and ensuring they are consistent across mobile, apps and desktop) is a worthwhile exercise to ensure you’re prepared.
Other mobile apps that facilitate remote working, such as Google Docs and Dropbox, have also grown increasingly vulnerable to phishing scams, with Google Docs falling victim to a large-scale attack which affected around 1 million users in 2017. Using a link, the scam diverted users from a Google page to a third-party site, where password information was claimed. Combatting such scams can be achieved by implementing two-factor authentication to add an extra layer of defence to your security measures.
Preventing mobile phishing
Education is extremely important when considering ways to combat phishing attempts, as learning to spot the warning signs can prevent your or your company’s data from falling into the wrong hands, and this is more prescient when considering your mobile devices.
A strong enterprise mobility management strategy can help organisations to manage their apps and social media accounts that have access to your data, and secure personal information on employees’ smartphones. They should complement this by ensuring that their file transfer procedures are completely secure.
Mobile devices are only going to become a more central component of our working lives in the future, so ensuring that the safeguards are in place to protect your vital information now will go a long way to preventing potential phishing scams in the future.
About the author: Matt joined Intercity Technology in 2015 from Imerja Limited, as one of the company’s founders. He worked there for 12 years as Technical Director and previously Operations & Services Director. With over 25 years’ business and technical experience in providing IT solutions,
Source: infosec island