Smartphones Hacking 2020: easy way to your company's files
Cybersecurity warning: Hackers are targeting your smartphone as a way into the company network
Cyber attacks are on the rise and will continue to rise. It's not a matter of if but a matter of when. A framework-driven approach with continuous monitoring will help companies mature their cybersecurity posture and address incidents proactively.
The number of phishing attacks targeting smartphones as the entry point for attempting to compromise enterprise networks has risen by more than a third over the course of just a few months.
Phishing emails have long been a problem for desktop and laptop users, but the increased use of mobile devices – especially as more people are working remotely – has created an additional attack vector for cybercriminals who are targeting both Android and IOS phones.
Attacks targeting desktop email applications can leave tell-tale signs that something might not be quite right, such as being able to preview links and attachments or see email addresses and URLs that might look suspicious.
However, this is harder to spot on mobile email, social media, and messaging applications because of the way they're designed for smaller screens.
Since we can't preview links, see full URLs in mobile browsers, and quickly tap anything that comes our way, malicious actors are investing their time and energy into making these campaigns undetectable to the untrained eye.
In many cases, attackers are able to design fake login pages that look almost exactly like that of the organization they're targeting, especially now so many businesses rely on cloud platforms like Office 365.
If a user enters their username and password into a phishing page, they're handing these over to an attacker who can take advantage of this to gain access to their corporate accounts.
Mobile phishing attacks against personal accounts are also on the rise, as attackers exploit smartphones and mobile browsers in attempts to steal login details, banking information, and other personal data.
Attackers are also attempting to take advantage of the coronavirus pandemic with mobile phishing campaigns, posing as government and health organizations.
The DigitalBank Vault® Technology is a world-leading cyber defense solution for securing total privacy over text and voice communications.
"Mobile phishing campaigns will continue to get harder to spot, and we can expect more advanced social engineering in channels beyond SMS and email," said Schless.
"The line between a personal device and a work device will get blurrier, and attackers know that they can use platforms outside the protection of traditional corporate security policies to gain access to an organization's infrastructure," he added.
Defending against mobile phishing attacks can be difficult, but warning employees about the risk of these campaigns can go some way to preventing them. Organizations could also consider using a mobile security system – but they also need to be aware that it doesn't cross a line when it comes to invading the privacy of the user.