An increase in mobile vulnerabilities is one of 2019’s main dangers. According to Wandera, global leader in corporate mobile security, phishing is at the forefront. Its latest study claims that a mobile device user is 18 times more likely to be exposed to phishing than malware. Interview with Thierry Caliari, Regional Sales Director, Wandera, France.
by: Delphine Sabattier
photo: NeONBRAND / Unsplash
Remind us how a mobile phishing attack works?
For the victim, everything begins with a link received by SMS, email, instant messaging or social media. This link leads to a mobile site that looks like that of a trusted brand. The objective is to deceive the user, to make them believe that they have arrived on an official page. But in reality, the site is fake and run by pirates.
Why is phishing the #1 threat on smartphones?
More than 4000 mobile phishing sites are created each day, one every 20 seconds! Smartphones do not have the same protections as computers, but half of all phishing attacks occur on mobile devices. Mobile users do not react in the same way they would on a computer. They seek speedy executions and are less careful. Small screens and shortcuts also make it harder for the user to detect suspicious URLs. In 2019, with the rise of social networks and mobile chats, we are still seeing a proliferation of links to fraudulent sites.
Do the same risks exist on corporate smartphone fleets?
Yes, phishing attacks also target employees as a vulnerable gateway to an organization. One in seven employees visits an adult site from their professional smartphones, for example. This is just one of the risky uses. Clicking without thinking on a link sent by a so-called colleague is another.
What risks are companies running?
First, they are held responsible if personal data of their employees is hacked from a corporate device. Then, it can cost them heavily if the attack is a success: compromised bank accounts, theft of customer data, etc.
Can we trust secure sites in HTTPS?
Unfortunately, no. It’s very easy to get an SSL certificate. This is all the more worrying since HTTPS reinforces a false sense of trust.
What do you recommend to users?
Stop clicking without looking or asking questions! Take the time to carefully read the messages you receive with links. You have to ask yourself: who is sending me this link? Is it a legitimate person? The second recommendation is to update your smartphone – OS (iOS or Android) and apps – to correct vulnerabilities.
Can we really defeat a mobile phishing attack before it claims its first victim?
It is important to have a predictive approach. At Wandera, it’s called zero-day phishing. Our solution is based on an automatic learning method and intelligence engine: the algorithm locates phishing sites from a series of clues, such as a URL that may contain spelling errors and the page content. We also study the logo, the colors of the brand, etc. There are always errors found in replications. The analysis performed by our intelligent agent generates a risk score that determines whether the page should be flagged and blocked. And because our technology is based on learning, the tool refines its predictions each time.
TOP 5 brands used for mobile phishing:
TOP 5 mobile app phishing vectors:
1. Mail (+170% increase compared to 2017)
2. Social networks (+102% increase compared to 2017)
4. Video Games
TOP 3 most used messaging apps for mobile phishing:
3. Facebook Messenger
TOP 10 most used keywords for mobile phishing:
*Any word starting with
Sources © 2018 Wandera