Businesses are being hit with more mobile phishing than ever before

Businesses are increasingly facing mobile phishing attacks, as hackers shift their focus towards mobile devices, which are generally weaker and less frequently managed compared to laptops and desktop PCs. According to the "2024 Global Mobile Threat Report" by Zimperium, 82% of phishing sites now target mobile devices. By adopting a mobile-first strategy on a large scale, hackers employ various techniques to infiltrate enterprise systems.

A significant concern is that 76% of phishing sites targeting large enterprises utilize HTTPS, a secure communication protocol, thereby increasing the perceived legitimacy of these malicious sites and lowering victims' guards. Additionally, because mobile screens have limited real estate, users are less likely to notice security indicators, such as the URL bar.

In boosting perceived legitimacy, Netcraft researchers identified a sophisticated phishing-as-a-service tool called Darcula in late March 2024. This tool allows cybercriminals to send encrypted messages using the Rich Communication Services (RCS) protocol for platforms like Google Messages and iMessage, as opposed to the traditional Short Message System (SMS), making these messages tougher to intercept or block.

Zimperium emphasizes that time is critical for hackers engaged in mobile phishing, or "mishing." Newly created phishing sites can become fully operational almost immediately, with a quarter up and running within 24 hours.

Shridhar Mittal, Zimperium's CEO, advises that the only effective defense against this growing threat is a multi-layered security strategy, inclusive of mobile threat defense and mobile app vetting.

Earlier, SSP wrote that Google TV rolled out big updates to all devices.