Mobile phishing attacks at an all time high?

More than 30% of enterprise and personal users were exposed to mobile phishing attacks every quarter; highly regulated industries most heavily targeted.

Lookout has released its Global State of Mobile Phishing report. According to Lookout data, 2022 had the highest percentage of mobile phishing encounter rates ever, with an average of more than 30% of personal and enterprise users exposed to these attacks every quarter. Lookout also found that users on all devices – whether personal or work provided – are tapping more on mobile phishing links in comparison to just two years ago. 

 

Report findings also include:

The potential annual financial impact of mobile phishing to an organisation of 5,000 employees is nearly $4 million.

Since 2021, mobile phishing encounter rates have increased roughly 10% for enterprise devices and more than 20% for personal devices.

In 2022, more than 50% of personal devices were exposed to a mobile phishing attack every quarter.

The percentage of users falling for multiple mobile phishing links in a year is increasing rapidly year over year.

Organisations operating in highly regulated industries – including insurance, banking, legal, healthcare and financial services – were the most heavily targeted enterprises.

Non-email based phishing attacks are growing rapidly, with vishing (voice phishing), smishing (SMS phishing) and quishing (QR code phishing) increasing seven-fold in the second quarter of 2022.

Users, endpoints and applications are now so closely connected that threat actors can initiate advanced attacks simply by stealing user credentials. Mobile phishing is one of the most effective tactics to steal login credentials, which means that mobile phishing itself poses significant security, compliance, and financial risk to organisations in every industry. It is likely that the rise of remote work has contributed to this, as organisations relax bring-your-own-device (BYOD) policies to accommodate employees accessing corporate networks outside the traditional security perimeter. 

 

Mobile phishing attacks are also growing more sophisticated. The share of mobile users in enterprise environments clicking on more than six malicious links annually has jumped from 1.6% in 2020 to 11.8% in 2022, indicating that users are having a tougher time distinguishing phishing messages from legitimate communications. 

 

“Mobile as a threat surface will continue to grow, and hybrid work continues to grow in tandem, introducing huge numbers of unmanaged devices into the enterprise environment,” said Aaron Cockerill, chief strategy officer at Lookout. “It is more important now than ever for organisations to evolve their cybersecurity strategy to proactively combat mobile phishing. As one of the most effective attack vectors for threat actors, often serving as a starting-point for more advanced attacks, mobile 


Commvault plans to acquire Satori Cyber Ltd to bolster its data security and AI governance...
Clumio Backtrack offers rapid, precise data recovery for DynamoDB, enhancing resilience for...
runZero teams up with Aqaio to enhance its exposure management platform in Germany, aiming to...
Cynomi's 2025 State of the vCISO Report reveals AI's profound impact on service delivery and the...
By Artur Martins, CISO | Cybersecurity Strategy Executive Advisor, Logicalis.
Alcatel-Lucent Enterprise introduces OmniVista Terra, offering combined on-premises and cloud...
NinjaOne unveils its automated endpoint management platform on Google Cloud Marketplace, enhancing...
Acronis partners with Metrofile Cloud to enhance disaster recovery, offering advanced solutions...