As we increase our reliance on tiny screens, we are seeing a huge rise in phishing attacks designed specifically to target smartphones.

As a result, there has been an increase in the many hundreds of thousands of phishing websites found that are designed to phish mobile devices, according to cybersecurity researchers at Zimperium. In times past, many phishing websites were device agnostic. In other words, you could click the link from a computer or a mobile, and the site was set up to steal your usernames and passwords either way. Now, websites designed only for phishing mobile phones make up 75% of all phishing sites. That is to say, a massive rise has occurred.

Cybercriminals are probably rejoicing at the fact that mobile devices make it more challenging for users to identify phishing emails and malicious websites because of the tiny screen.

For example, the email address of a sender will appear smaller on a mobile, and the user might not notice the dodgy address unless they inspect it properly. On a desktop, by contrast, the address is more prominent because of the size of the device.

Secondly, on a desktop computer links are easier to check: quickly hovering over the hyperlink with the mouse cursor shows the address, and the fake is easily spotted – poor spelling or large strings of random text within the URL. It is more difficult to see the address of a link on a mobile device.

The sheer issue of size means that on a smartphone you are also less likely to check the source of the email and more likely to continue clicking if you have taken the bait.

In addition, targeting mobile devices means criminals can use other tactics in their assault, such as SMS messages, messaging applications, in-app chat links and more. These tactics are used to trick victims into visiting their malicious sites.

Most importantly, these malicious phishing websites are set up to appear just like the real branded website, so at first glance on a small device they look genuine. Your favourite stores and top brands are the ones most commonly imitated by phishing websites. These include Microsoft, Amazon, Facebook and PayPal, which are everyday brands for most of us.
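The link checks described above (a brand name or misspelling in an address that is not the brand's own, or a long string of random text in the URL) can be automated, for example in a mail or SMS filter. The following is an added example, not code from Zimperium or the original article; the brand-to-domain list, the 0.8 similarity threshold, the 20-character token length and the sample links are all assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: official domains for the four brands the article names.
BRANDS = {"microsoft": "microsoft.com", "amazon": "amazon.com",
          "facebook": "facebook.com", "paypal": "paypal.com"}

def registered_domain(host):
    # Simplification: last two labels. A production filter would use the
    # Public Suffix List so that names like example.co.uk are handled.
    return ".".join(host.split(".")[-2:])

def check_link(url):
    """Return the reasons a link looks suspicious (empty list if none)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    domain = registered_domain(host)
    labels = re.split(r"[.\-]", host)
    reasons = []
    for brand, official in BRANDS.items():
        if domain == official:
            continue  # the brand's own domain or a subdomain of it
        if brand in host:
            reasons.append(f"brand '{brand}' in host but domain is {domain}")
        elif any(SequenceMatcher(None, brand, l).ratio() >= 0.8 for l in labels):
            # Assumed threshold: 0.8 catches one-character swaps such as l -> 1.
            reasons.append(f"host label resembles '{brand}' (possible misspelling)")
    # Long random-looking token: 20+ characters mixing letters and digits.
    for token in re.findall(r"[A-Za-z0-9]{20,}", parts.path + "?" + parts.query):
        if re.search(r"[A-Za-z]", token) and re.search(r"\d", token):
            reasons.append("long random-looking string in URL")
            break
    return reasons

# Constructed sample links (not taken from any real campaign).
SAMPLES = ["https://www.paypal.com/signin",
           "http://paypal.com.account-verify.example/login",
           "https://paypa1.example/signin",
           "https://example.org/a?id=9f3kd82jslq01xz7pwm4c6tb"]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", check_link(url) or "no flags")
```

A flag here is a reason to inspect the link more closely, not proof of phishing; the heuristics will miss lookalikes that avoid these patterns.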

CEO of Zimperium, Shridhar Mittal, said that “Distributed and hybrid workforces, ever-connected devices, high-speed 5G connectivity, and increased critical data access from remote locations have spread enterprises worldwide.” He also added that “cybersecurity was not built to support these environments…so organizations need to effectively secure this new reality.”

Firstly, to combat the problem, users need to be cautious, slow down, and double-check the links they follow.

Secondly, rather than automatically clicking on a link in an email or text message sent from a brand you know, go to the brand's genuine website and log in.

If several of your employees use smartphones, it is worth investing in some security protections.

An additional barrier to usernames and passwords being exploited is the use of multi-factor authentication.
