Lookout Inc., the endpoint to the cloud security company, today released its Global State of Mobile Phishing report. According to Lookout data, 2022 had the highest percentage of mobile phishing encounter rates ever, with an average of more than 30 percent of personal and enterprise users exposed to these attacks every quarter. Lookout also found that users on all devices – whether personal or work provided – are tapping more on mobile phishing links in comparison to just two years ago.
Report findings also include:
- The potential annual financial impact of mobile phishing to an organization of 5,000 employees is nearly $4 million.
- Since 2021, mobile phishing encounter rates have increased roughly 10 percent for enterprise devices and more than 20 percent for personal devices.
- In 2022, more than 50 percent of personal devices were exposed to a mobile phishing attack every quarter.
- The percentage of users falling for multiple mobile phishing links in a year is increasing rapidly year over year.
- Organizations operating in highly regulated industries – including insurance, banking, legal, healthcare and financial services – were the most heavily targeted enterprises.
- Non-email-based phishing attacks are growing rapidly, with vishing (voice phishing), smishing (SMS phishing) and quishing (QR code phishing) increasing seven-fold in the second quarter of 2022.
Users, endpoints and applications are so closely connected that threat actors can initiate advanced attacks simply by stealing user credentials. Mobile phishing is one of the most effective tactics to steal login credentials, which means that mobile phishing itself poses significant security, compliance, and financial risk to organizations in every industry.
It is likely the rise of remote work has contributed to this, as organizations relax bring-your-own-device (BYOD) policies to accommodate employees accessing corporate networks outside the traditional security perimeter.
Mobile phishing attacks are also growing more sophisticated. The share of mobile users in enterprise environments clicking on more than six malicious links annually has jumped from 1.6 percent in 2020 to 11.8 percent in 2022, indicating that users are having a tougher time distinguishing phishing messages from legitimate communications.
The Global State of Mobile Phishing report from Lookout is based on data and trends derived from Lookout’s growing mobile dataset of security telemetry, which is built on graph-based machine intelligence that analyzes data globally from more than 210 million devices, 175 million applications and ingests four million URLs daily.
Download Lookout’s Global State of Mobile Phishing Report here.