Hackers and scammers have always resorted to using phishing attacks to mine sensitive information out of victims. The American telecommunications company Verizon revealed that 90% of their recorded data breaches began with a phishing attack. Back when emails were the only mode of communication during the internet’s infancy, hackers send out phishing emails that fooled recipients into divulging personal information, like credit card information and various passwords. As humans were able to identify the nature of such emails, they not only spread that knowledge among other end-users but also helped develop AI that segregated such emails into spam.
The rise of other modes of online communication, especially instant messaging and video calling, has rendered emails nearly obsolete – only to be used in corporate, academic and government setting today. This has forced cyber-criminals to embrace such mediums as a vector and push phishing messages on them. The phenomenon, called Mobile Phishing, is on the rise globally due to the increasing trend of smartphone adaptation and more users using messaging platforms for communication.
As awareness regarding email phishing spread, mobile phishing began its rise. Phishing emails also lost its maliciousness due to email clients using AI to develop built-in tools that identified any potential phishing emails and either send it to span or alerted the user to it. In contrast, there are no such security measures for SMS, or for app-based messaging services. Given the sheer number of different messaging apps out there, it is challenging to develop a catch-all defense against mobile phishing attacks. This results in mobile-based attacks being at least three times more effective than the phishing that takes place through the desktop. Without any doubt, mobile providers should make further investments into raising cybersecurity awareness and improving it on mobile.
Whatsapp has been at the forefront of such Mobile Phishing attacks. The lack of filtering or alert system in Whatsapp has prevented such malicious messages being flagged. When a user receives a link on WhatsApp, it usually generates a preview of that website’s logo and page title. These are easy for an attacker to fake but might give a phishing message enough of a veneer of legitimacy for the user to get caught off guard.
Users who are familiar with phishing emails also has the potential to fall victim to it. Analysts say that 15 percent of end users will fall for multiple attempts in the same year. An IBM study says users are three times more likely to fall for phishing on mobile devices. Most of these attacks last for less than a day before being shut down and relocated elsewhere.
As Mobile Phishing doesn’t show any signs of abatement, how does one defend against these phishing attacks? For once, users can stay vigilant and act caution when asked for personal information online. Login details, such as passwords and sensitive information must not be divulged under any circumstances. Adhering to a VPN network can protect against spear phishing attacks. It perhaps isn’t surprising that enterprising cybercriminals are making in-roads in the mobile space. However, the awareness of this particular type of attacks remains low. Be wary of any unsolicited messages you receive from an online service, and don’t trust a link that you didn’t ask for.