Zimperium warns organisations of increase in mobile phishing attacks

Zimperium

After recent in-house analysis, Zimperium is warning organisations about the escalating threat of mobile phishing attacks.

Mobile phishing includes various forms such as SMS phishing (smishing), voice phishing (vishing), app-based phishing, email phishing and social media phishing.

While some phishing campaigns appear to target consumers, they can serve as a trojan horse to deliver malware, capture reused passwords, or hijack OTPs, ultimately infiltrating corporate networks and applications on the device.

The latest analysis from Zimperium’s zLabs highlights the rapid deployment of phishing sites and the growing trend of using secure HTTPS connections to deceive mobile device users.

Key Points:

  • Advanced Phishing Techniques:
    Mobile phishing scams are evolving to exploit trust in new ways, with 87.1% of phishing URLs now using secure HTTPS connections, creating a false sense of security for users. Attackers are also using a single domain to host multiple fraudulent sites, targeting several brands simultaneously.
  • Rising Mobile Threat Landscape:
    At present, 78% of phishing sites are specifically targeting mobile browsers, making mobile devices a prime target. These attacks are becoming increasingly sophisticated, with 60% of new phishing domains obtaining an SSL certificate within the first 2 hours of being registered, making them quickly operational over a secure connection.
  • Phishing Site Lifespan:
    The analysis reveals that while 50% of phishing sites are discovered within the first week of being created, the remaining half remain active as zero-day threats for longer than a week. This underlines the critical need for real-time, on-device detection to protect users effectively.
  • One Domain, Multiple Targets:
    Attackers are leveraging domains to host multiple fraudulent sites, often targeting brands that are commonly associated or share the same geographic focus. This tactic increases the risk of credential theft as users often reuse passwords across different sites.

Immediate Action Required:

Zimperium has emphasised the urgent need for organisations to adopt advanced, real-time mobile on-device threat detection technologies to combat the fast-evolving phishing threat to mobile devices.

Traditional security measures are no longer sufficient to protect against the sophisticated tactics used by modern mobile phishing campaigns.

Why It Matters

Mobile phishing is an evolving threat that leverages secure connections to deceive users, making it more dangerous than ever. With 78% of phishing sites targeting mobile browsers and 87.1% of these sites using HTTPS, it is imperative for businesses and individuals to strengthen their mobile security strategies to mitigate these rising risks.

Call to Action

With the rapid deployment of phishing sites and the increasing use of secure connections, proactive measures are essential to protect sensitive user and corporate data on mobile devices. Zimperium urges businesses and individuals to immediately assess and protect their mobile security defences. 

Expert insight

“Mobile phishing attacks are evolving rapidly, particularly on mobile platforms where traditional defences are proving inadequate,” Nico Chiaraviglio, Chief Scientist at Zimperium, stated. “Our latest analysis shows the critical importance of real-time, on-device detection to protect against these sophisticated threats.”
