The reliance on mobile phones in the workplace has facilitated an increase in cybersecurity threats that many enterprises are not equipped to handle. Employees work differently now, accessing sensitive corporate data from their mobile devices while on the go, at airports, on public transport, or at off-site meetings.
Cyber opportunists have taken note and have started focusing their attacks on iOS and Android devices via phishing, messaging applications, jailbroken devices, and network-based attacks, all of which reach the user beyond the corporate perimeter, where enterprise security isn’t protecting them.
To put things in context, 88% of credential theft is achieved from a phishing link (Phishlabs), and Lookout research found that mobile users are 300% more likely to click a phishing link than desktop users. Even for a trained security professional, phishing on mobile is often extremely difficult to spot with the naked eye.
Small screen sizes on mobile devices make it difficult for users to identify phishing attacks due to the inability to hover over hyperlinks to show destinations. Furthermore, users often don’t take the extra time to ensure content is safe due to a misguided trust in the "inherent" security of mobile devices.
Common phishing tactics used by hackers include:
In most cases, personal email and applications co-exist on the same device as corporate applications. Therefore, once the device is compromised, so is the integrity of the corporate data. You can learn more about how phishing threats are evolving to target enterprise data outside of the traditional firewall in the whitepaper "Mobile Phishing: Myths and facts facing every modern enterprise today".
Other large-scale examples of real-life phishing attacks:
Dark Caracal uses phishing messages through WhatsApp and Facebook to lure victims into clicking malicious links and downloading Android malware. The Android malware, called Pallas, then surveils the victim’s device, collecting huge amounts of data. Dark Caracal targets include governments, militaries, utilities, financial institutions, manufacturing companies and defence contractors. The types of exfiltrated data are extensive, including documents, call records, audio recordings, secure messaging client content, contact information, text messages, photos and account data.
The Pegasus surveillanceware received worldwide attention because of its severity. The operators distributing Pegasus sent victims a phishing message via SMS. If the victim clicked, it set off a chain of silent events, leading to one of the most sophisticated iOS device compromise attacks Lookout has seen. Similarly, once on the device, Pegasus monitored all the activity on the device and collected significant amounts of sensitive data.
For more in-depth information on how to identify phishing threats and prevent data leakage in your enterprise from mobile devices, register for Lookout’s upcoming webinar here.
About Lookout
Lookout is a cybersecurity company for the post-perimeter, cloud-first, mobile-first world. Powered by the largest dataset of mobile code in existence, the Lookout Security Cloud provides visibility into the entire spectrum of mobile risk. Lookout is trusted by hundreds of millions of individual users, enterprises and government agencies and partners such as AT&T, Verizon, Vodafone, Microsoft, Apple and others.