Lookout, Inc. is warning employees and businesses that, based on historical data, phishing attacks across enterprise and personal devices are expected to more than double this week.
With more corporate data residing in the cloud today and an increased number of employees working remotely, mobile has become the endpoint of choice for the modern workforce. However, since these devices have traditionally been neglected as part of a company’s overall security strategy, they have also become the most susceptible target for external hackers to gain access to corporate cloud infrastructure through social engineering and credential theft.
During the busy Black Friday shopping week, the risk of being targeted by a malicious phishing campaign only increases as employees are more distracted and moving quickly to get the best deals on their holiday purchases. This creates a perfect opportunity for potential hackers to carry out socially engineered phishing attacks that can lead to credential theft and direct access to sensitive corporate data.
The warning comes as new Lookout research reveals that:
- Two in five employees (63%) admit that they are more distracted during Thanksgiving week as they juggle work and play during the holiday.
- The vast majority of employees (89%) will capitalise on Black Friday and Cyber Monday sales, with more than half (57%) admitting they are more likely to click on unfamiliar links in search of good deals.
- Two-thirds of employees (66%) will shop on personal mobile phones, which are notoriously overlooked in security planning – in fact, nearly half of workers (47%) reported their employer provides no mobile security platform for device protection.
- The research finds that the most popular social media apps that will be used on mobile by employees this week are Facebook (76%), Instagram (63%) and TikTok (50%).
“As shoppers look to take advantage of the best online sales, fraudsters will do the same. But rather than discounted gifts, the best deal for a cybercriminal is access to corporate data that can then be distorted and/or sold for huge sums of money,” said David Richardson, Vice President of Endpoint and Threat Intelligence, Lookout. “A popular technique is to target employees on their mobile devices through social engineering – dodging traditional enterprise security protection by messaging the victim via their personal messaging accounts. Last year, we saw a huge spike in phishing rates. As employees are distracted by shopping on their mobile device, CISOs face a significant phishing risk. But rather than just focusing on the particular methods attackers may use this Thanksgiving, businesses should take a data-centric approach and monitor for changes in user behaviour and anomalous data transfers.”
The survey follows the 2022 Lookout Global State of Mobile Phishing Report which found:
- In 2022, more than 50% of personal devices were exposed to a mobile phishing attack every quarter.
- The percentage of users falling for multiple mobile phishing links in a year is increasing rapidly year over year.
- Organisations that operate in highly regulated industries – including insurance, banking, legal, healthcare and financial services – were the most heavily targeted enterprises.