According to Lookout Inc.'s Global State of Mobile Phishing report, 2022 had the highest percentage of mobile phishing encounters ever recorded, with an average of over 30% of personal and enterprise users exposed to such attacks every quarter. The report also found that users on all devices are tapping more on mobile phishing links than two years ago. The potential annual financial impact of mobile phishing on an organization of 5,000 employees is nearly $4 million, and mobile phishing encounter rates have increased by approximately 10% for enterprise devices and more than 20% for personal devices since 2021.
Furthermore, more than 50% of personal devices were exposed to a mobile phishing attack every quarter in 2022, and the percentage of users falling for multiple mobile phishing links in a year is rapidly increasing year over year. Highly regulated industries such as insurance, banking, legal, healthcare, and financial services were the most heavily targeted enterprises, and non-email-based phishing attacks, such as vishing (voice phishing), smishing (SMS phishing), and quishing (QR code phishing), have grown rapidly.
Threat actors can now initiate advanced attacks by stealing user credentials since users, endpoints, and applications are now closely connected. Mobile phishing is one of the most effective tactics to steal login credentials, posing significant security, compliance, and financial risk to organizations in every industry.
The rise of remote work has likely contributed to this, as organizations relax bring-your-own-device (BYOD) policies to accommodate employees accessing corporate networks outside the traditional security perimeter.
Mobile phishing attacks are also growing more sophisticated, with a jump in the share of mobile users in enterprise environments clicking on more than six malicious links annually, indicating that users are having a tougher time distinguishing phishing messages from legitimate communications. The report emphasizes the need for organizations to evolve their cybersecurity strategy to proactively combat mobile phishing, making it a top priority for organizations of any size.