With the rising popularity of iOS and Android devices for everything from sending a client an SMS to attending a Zoom call, it was only a matter of time before cybercriminals seized the opportunity to target users through the least protected and most popular communication medium, mobile.
SlashNext Threat Labs sees a multitude of mobile-specific phishing attacks daily. These attacks are customized specifically for mobile delivery and designed to only work for Mobile iOS or Android. What makes them particularly dangerous is the attack vector is not email but ads and SMS, where most phishing protection is not as effective.
Let’s review the most popular types of mobile-specific phishing attacks, which include:
- SMS based Money Transfer & Gift Scams (Figure: 1)
- Rogueware, including Fake VPNs, used to conduct Man-in-the-Middle attacks (Figure: 2-1 & Figure 2-2)
- ATO of popular mobile messaging service like WhatsApp or Instagram to hijack communication (Figure: 3.1 & 3.2)
- Telephone fraud like technical support scams (Figure: 4)
- Gift scam websites to conduct Credit Card Fraud (Figure: 5)
Screenshots of the Latest Mobile Specific Attacks
Figure 1: SMS based Money Transfer & Gift Scams
Figure 2.1: Rogueware, including Fake VPNs, used to conduct Man-in-the-Middle attacks
Figure 2.2: Rogueware, including Fake VPNs, used to conduct Man-in-the-Middle attacks
Figure 3.1: ATO of popular mobile messaging service like WhatsApp to hijack communication
Figure 3.2: ATO of popular mobile messaging service like Instagram to hijack communication
Figure 4: Telephone fraud like technical support scams
Figure 5: Gift scam websites to conduct Credit Card Fraud
Most phishing vendors have not kept pace with the innovations made by cybercriminals in the mobile space and are still focused on email-based phishing. With the lack of built-in phishing protection within iOS and Android, Mobile users are left with no choice but to rely on their security awareness training to dodge these phishing attacks. Most security awareness training is also focused on email specific attacks, leaving the cybercriminals with an abundance of mobile-specific phishing victims.
So what’s the solution? The solution lies in using a purpose-built mobile phishing solution to stop these phishing attacks before the damage is done. Think your MTD solutions will protect users? Think again, these solutions are built to stop mobile malware and are not effective against social engineering and phishing attacks. Furthermore, iOS restrictions prohibit vendors from making an anti-malware engine, leaving iOS users with only one threat: Phishing.
SlashNext Mobile Phishing Protection is purpose-built to protect users on social media, SMS and collaboration platforms by detecting credential stealing, rogue browser extensions, without compromise. Our fast, real-time phishing protection is a lightweight, cloud-powered app that protects iOS and Android users with no degradation in user experience and does not transmit personal data. SlashNext’s Mobile Phishing Protection service is easily deployed and managed with leading UEM solutions or SlashNext’s Endpoint Management System.
Join our webinar on August 26 at 10 AM PT to see how SlashNext’s deep machine learning speeds the inspection of billions suspicious URLs/IPs/Host/Domains to detect threats real-time, and how our browser extensions make for easier deployment and management particularly with a distributed workforce.