When it comes to secure mobility, users have been shouting Apple’s praises for years because its iOS has long had a reputation for being more secure than Android. This has made some users feel almost invincible … and therefore more lax in their sensitivity to and awareness of potential attacks, as well as in their habits for preventing them. However, recent trends indicate that while iOS may still not be as susceptible to malware as Android, it is actually MORE susceptible to phishing attacks. Read on to learn more and arm yourself with tips to protect yourself, your business and your devices.

For years, companies spent time and money investing in ways to protect desktop computers and their users from falling prey to phishing attacks. In response, hackers and cyber criminals have continued to develop new methods for targeting unsuspecting companies and users, especially through mobile apps, social media and other novel approaches. This trend is underscored by research from Proofpoint, which indicates that phishing attacks conducted over social media increased some 500% in the final three months of 2016 alone.

Figure: Types of phishing (image source: Wandera Blog)

To take this one step further, mobile security company Wandera conducted additional research on phishing trends. The findings released last month paint a very grim picture for mobile users, noting that the rise in mobile phishing attacks makes it one of the most pressing security issues of the year. More specifically, 81% of mobile phishing attacks happen outside of email and 85% of organizations have been phished whether they know it or not! The findings also detail that iOS mobile phishing attacks represent 63% of the total number of attacks, compared to 37% on Android. Interestingly, the top source for iOS phishing is gaming apps, either through the release of knockoff games designed to steal credentials or by exploiting social elements of legitimate games.

Fighting the good fight

As direct “give me credentials” attacks fade and are replaced by login portal imitations and background data collection, it can be difficult to tell the real from the fake … and easy to fall victim to a phishing scam. After all, unaware users are STILL the number one vector for cybercrime … and probably always will be. To help prevent Android and iOS mobile phishing attacks alike, consider spending the time to train yourself and your employees to:

  • Be suspicious of “login here” links. If an app, email or website encourages you to click on a link to go to a login page, always choose to enter the URL of the legitimate site (paypal.com, for example) directly into your browser and log in without assistance.
  • Always glance at the URL of the site you’re on to be sure it’s not a fake.
  • Never share credentials via social media — even encrypted messaging services. There’s always the potential for something to be harvested.
  • Never download questionable apps, even from legitimate sources like the App Store.
  • Communicate immediately to your users about any known attacks as soon as details are available.
  • Incorporate mobile device usage policies that encourage best practices and safe mobile usage behavior.
  • Utilize a mobile threat prevention (MTP) solution with your enterprise mobility management (EMM) software to help increase organizational security and prevent a serious data breach.

A little effort can go a long way to prevent one bad “phish” from spoiling your whole business pond!