Financial Services Experience 125% Rise in Exposure to Mobile Phishing

Financial services and insurance organizations experienced a 125% rise in exposure to mobile phishing attacks in 2020 compared to 2019, according to Lookout’s Financial Services Threat Report.

The cloud security firm also found that malware and app risk exposure went up by more than 400% on average per quarter last year among the industry’s employees and customers. This was despite a 50% growth in mobile device management deployment during this period.

This surge in exposure to risk has come as cyber-criminals have deliberately ramped up their targeting of phones, tablets, and Chromebooks to try to exploit vulnerabilities. Lookout noted that even a single successful phishing or mobile ransomware attack can enable access to highly sensitive data in this industry, including proprietary market research, client financials, and investment strategies.

Another finding from the study, which looked at telemetry data from nearly 200 million mobile devices and 140 million apps, was that almost 50% of phishing attempts attempted to steal corporate login credentials.

Particularly concerning was that close to 20% of mobile banking customers had a trojanized app on their device when trying to sign in to their account.

Additionally, Lookout revealed the extent to which delays in downloading the latest software updates for mobiles exposes users to significant cyber-risks. More than a fifth (21%) of iOS and around a third (32%) of Android devices were exposed to more than 390 iOS and 1060 Android vulnerabilities, respectively, due to running iOS 13 or earlier and Android 10 or earlier.

Gert-Jan Schenk, chief revenue officer, Lookout, commented: "These findings demonstrate that regardless of whether a device is managed or unmanaged, attackers have equal success in deploying phishing campaigns.

“In addition, phishing can be particularly difficult to detect on a mobile device. We inherently trust these devices, which makes us vulnerable to social engineering attacks. Protecting modern endpoints requires a different approach—one that is built from the ground up for mobile and can continuously secure an organizations’ data from endpoint to the cloud.”

What’s Hot on Infosecurity Magazine?