Financial services and insurance firms received 125% more mobile phishing scams in 2020 compared to the previous year, according to Lookout’s Financial Services Threat Report.
The study attributes the rise to cyber criminals specifically targeting phones and tablets to exploit vulnerabilities – either in the software or in the way people use the devices.
It coincides with the increased flexibility in the way people work amid the pandemic. Many organisations have resorted to BYOD (bring your own device) policies, with employees using their personal phones to stay in touch with colleagues and bosses, or as a way to provide two-factor authentication.
As such, attackers that compromise that line of communication have access to a wealth of information.
Professional and personal spaces are blurred
The pandemic has naturally blurred the lines between employees’ personal and professional lives. The dual use of devices is an extension of the fact that the workspace has moved into our homes.
Our workspace doubles as a dining room table, or a spare bedroom, or wherever else we can work – and our office hours merge almost seamlessly into our morning routine and evenings.
This of course comes with information security risks, from network vulnerabilities to the possibility of sensitive data being improperly stored. But when employees use personal devices for work purposes, the threats increase further – and because they are outside the remit of your IT team, you alone are responsible for the device’s security.
But, as Lookout’s report found, few employees understand the threats facing them. It found that, among the financial services sector’s employees and customers, malware and app risk exposure increased by more than 400% on average per quarter in 2020.
Additionally, it found that 21% of iOS users and 32% of Android users hadn’t downloaded the latest operating system, exposing them to hundreds of vulnerabilities.
Gert-Jan Schenk, Lookout’s chief revenue officer, said: “These findings demonstrate that regardless of whether a device is managed or unmanaged, attackers have equal success in deploying phishing campaigns.
“In addition, phishing can be particularly difficult to detect on a mobile device. We inherently trust these devices, which makes us vulnerable to social engineering attacks.
“Protecting modern endpoints requires a different approach—one that is built from the ground up for mobile and can continuously secure an organization’s data from endpoint to the cloud.”
Protect your staff from phishing scams
You can find out more about mobile scams and how to keep your organization secure with our Phishing Staff Awareness E-Learning Course.
This online course explains everything you need to know about online fraud, from phony text messages and emails to telephone con artists.
Your staff will learn about specific cons, the consequences of a successful attack, and how to identify a bogus message before it’s too late.