With the increase in remote working, there’s been a sharp rise in mobile phishing attacks. You don’t have to be a data scientist to correlate the relationship between the two. Even if people in your workplace are returning to the office for at least some part of the working week, large numbers of employees will continue to work remotely for some time to come.
Hackers focusing on remote workers for phishing attacks
With many employees now needing to use mobile devices as part of their productivity toolkit from home, hackers have stepped up their attacks and are taking advantage of the move from physical corporate environments to mobile or home offices.
The mobile platform gives hackers a large canvas on which to deliver malicious links for installing malware, including text and SMS, social media, messaging platforms, and productivity applications.
Why mobile device users are more susceptible to mobile phishing attacks
Unlike desktops, the mobile interface is small, so there’s less information displayed which can conceal the red flags that highlight a potential phishing attack. On desktops, users can check the authenticity of a web address by simply hovering their mouse over a link. As this option is not available on a mobile, it can be difficult to detect if a link is malicious or not.
According to our partner MobileIron, during the time of COVID-19, hackers have gone on the attack with:
- COVID-19 text message scams pretending to be contact tracers and sending fake text messages to alert people that they have been in contact with a COVID-19 patient, including malicious links for more information.
- LinkedIn spear-phishing campaigns, impersonating HR employees and sending fake job offers with malicious files that contain custom malware and ex-filtrate data from victims’ devices when opened.
- Slack phishing messages, hijacking third-party apps to send phishing messages that dupe Slack users into installing malicious apps.
Tips for protecting your business from phishing attacks
Protect remote workers from mobile phishing with these practical steps on mobile data and device security, including:
- Refresh training and education
- Regularly update mobile policies
- Require VPN use when using Wi-Fi
- Employ multi-factor authentication
- Leverage Enterprise Mobility Management software
1. Refresh training and education
To ensure employees understand the importance of cyber-security – especially when they’re working from home, it’s essential for employees to be comfortable recognising and reporting threats and what steps they must follow to prevent a breach.
2. Regularly update mobile policies
Include mobile policies as part of your standard training and onboarding procedures, including information on:
- Approved mobile devices and tech support availability
- On-device security requirements
- Standard network access practices for mobile devices
- Personal security responsibilities to avoid events like phishing attacks
- Current risks
3. Require VPN use when using Wi-Fi
A VPN ensures secure connections for remote workers, acting as a middleman between a device and the internet – the website interacts with the VPN server which communicates with the device. Since this interaction is encrypted, nobody can see what data is shared online.
4. Employ multi-factor authentication
Multi-factor authentication provides an additional layer of security for users accessing company apps, tools, and data from remote locations. Users are required to prove their identities using two or more verification methods before being authenticated.
5. Leverage Enterprise Mobility Management software
As your first line of defence against mobile phishing attacks, using EMM tools allow your IT teams to secure mobile devices, applications, and the data stored on them, and keep mobile phishing threats at bay. For example, Mobile Threat Detection tools detect and analyse threats as well as take swift action against them and restore compromised devices to a compliant state. This technology detects and remediates malware, viruses, worms, bots, phishing, and a variety of other cyber threats.
Remember, on mobile, phishing threats can come from any app, email, SMS text, or messaging app. With more sensitive data flowing through these mobile phone endpoints, it’s critical to adopt technology solutions to meet mobile cyber-security needs.