Phishing is one of the most common threats to your data security. 32% of confirmed data breaches in 2018 involved phishing attacks, as found by the 2018 Verizon Data Breach Report. The good news is that most of us have gotten very good at recognizing a phishing email when we see one. At least, when we see it on our computers. But studies have found that mobile phishing attempts, phony emails you open on your phone, are a lot harder for us to detect than “normal” attacks we receive on our desktops. This makes them a lot more dangerous. In this post, we’ll go over the characteristics of a mobile phishing attack and discuss the reasons why you’re more likely to click on that bad link when it shows up on your phone screen.
Let’s start with the obvious: though we’ve come a long way in terms of mobile device design, there’s a lot less real estate on your phone screen than there is on your laptop or desktop. Why is this important? Visibility. When you’re looking at an email on your desktop, there’s a lot of information instantly available to you. You can hover over the links in the email to check for suspicious URLs, and you can very easily see the address that sent you the email. If firstname.lastname@example.org is the one emailing you, asking you to verify your login credentials, you’re going to see it at the top of your desktop window and think twice about clicking. Compare that to the experience of opening an email on your phone. There’s no hover option on your mobile device, so you can’t see the URL attached to the “Click Here” box. Most email applications also limit the sender information immediately available to you, not to be deliberately deceptive, but because there’s just not enough space on your phone screen for everything. If you want to double-check the sender address, it’s usually hidden behind a click or two. And this is not a good thing, because of our second point…
On the Go
If you’re using your phone for work, that typically means you’re not at your desk. You’re probably on your way to a meeting or traveling to a conference, so your brain is occupied with other things. An absentminded click on an email that looks like it came from Facebook is all it takes for a hacker to steal your credentials and wreak havoc within your business network. Phones are designed to do one thing at a time, and if you’re already in a hurry, you’re not going to take the extra three or four clicks it would take to exit your email application, open a browser to search for more information, close the browser, go back into the email, and decide whether or not it’s a phishing attempt.
Things to Remember
Simply being aware of these vulnerabilities should help to make you more vigilant in the future; most of us don’t realize there are distinct differences between the experience of opening emails on different devices because it’s not something we think about. Email is email, right? Well, as it turns out, not exactly. So, remember that your desktop isn’t the only place where you might find a phishing attempt. If you’re going to use your phone for work, be doubly vigilant, and if you’re ever unsure of an email’s legitimacy, take the extra time necessary to verify the sender.
Are you concerned with the security of your network? Do your employees need security training? SouthTech employs certified industry experts and works with best-in-business security vendors to offer awareness training and monitoring software, all designed to keep your business protected. Call 855-941-TECH to discuss your concerns with an engineer today.