The number of targeted attacks has increased in recent months smartphones to gain access to and violate corporate networks.
Phishing emails are a major issue for them users desktops and laptops. But now, smartphone users should also be concerned. The increase in attacks coincides with the time when everyone was quarantined and working remotely. As many people used smartphones for their work, the hackers they started aiming so much Android as well as iOS phones.
Phishing attacks on desktop they can leave some marks that indicate that something is wrong (there is the possibility of previewing links and attachments or viewing email and URLs). However, the control process is not so easy on mobile e-mail, social media and messaging apps on smartphones.
"It's hard to spot signs, which we usually find on a laptop or desktop, because of the very small screen," said Hank Schless, a Lookout executive.
"Because we can't preview links, see full URLs and quickly open whatever comes, the malicious hackers they invest their time and energy to make these campaigns undetectable to the untrained eye ”.
In many cases, the attackers plan fake login pages that look authentic. If a user enters them credentials on a phishing page, via his smartphone, the data will be sent to hackers. The attackers then acquire access to corporate accounts of the victims.
Mobile phishing attacks against personal accounts are also on the rise. The attackers take advantage of smartphones and mobile browsers to steal data connection, banking information and other personal information data.
Η Lookout discovered a campaign, which he sent mass phishing messages to customers of a large Canadian bank. The messages asked customers to log in to their account, directing them to pages identical to the original ones.
According to Schless, phishing attacks smartphones will evolve even more and will be even harder to spot.
Hackers have realized that they can be exploited Appliances (such as smartphones) that are not protected by traditional corporate security policies. In this way, they can gain access to the infrastructure of an organization.
Defending against mobile phishing attacks can be difficult. However, properly informing employees can help. Organizations could also consider using one systemic security for mobile phones, which, however, will not exceed the limits related to user privacy.
"Ideally, the solution should not control the content and should only alert the person when they encounter a malicious link. "Also, it should automatically rule out anything malicious," Schless said.