Mobile Phishing attacks on the rise


Phishing is an attempt, often malicious, to obtain sensitive user information such as credentials or banking and credit card details. Phishing attacks masquerade as a trustworthy entity to convince users to provide their information or open emails and install applications. This poses a risk not only to individuals, in the form of identity theft, ransomware and loss of funds, but also to businesses, in the form of data theft and ransomware, leading to loss of consumer trust and potentially financial losses.

In its Q2 2017 Phishing Trends and Intelligence Report, PhishLabs notes that phishing attacks are up 41% in Q2. Of note, phishing attacks targeting the financial industry have doubled in the second quarter.

Phishing with mobile apps

The rising trend in phishing attacks across email and websites is spilling over to mobile applications. According to a recent blog post by Wandera, their research finds 81% of mobile phishing attacks take place outside of email. Gaming apps are the main choice of attackers, followed closely by email apps, sports, news/weather and productivity applications. Because applications can be repackaged, it is a simple task to introduce malicious code and fool unsuspecting users into installing a phishing application.


Another method for mobile phishing is the use of similar-looking iconography and keywords, which gives fraudulent applications the appearance of legitimacy. Often these applications are available on non-mainstream application markets. The consistent look and feel makes it difficult for users to differentiate between legitimate and malicious applications.

Implications to your organization

#1 -  Security of your organization

With the prevalence of BYOD, employees can install applications on their devices from a variety of sources. A user who is fooled into installing a malicious application can expose your organization to theft of credentials and sensitive information. Additionally, malicious apps masquerading as legitimate ones may have access inside your corporate firewall, potentially compromising your network.

#2 – Security of your customers

Your customers may be at risk.  A customer fooled into installing a fake application may provide sensitive banking information or credit card information under the belief they are doing secure business with your organization.  This can potentially have serious consequences for them in terms of financial losses and identity theft.

What can you do?

Education – Education about the existence of phishing and how to identify it is by far the most important step in preventing and mitigating phishing attacks, mobile or otherwise. Users should be aware of what to look for to differentiate legitimate applications from fraudulent ones.

Password best practices - To mitigate the reach of a phishing attack, security best practices around password re-use and management may contain the damage an attacker can perform.

Detect and remove malicious apps – You need to scan and detect malicious applications on your users’ devices. Once identified, these applications can be blacklisted or removed through the use of EMM policies.

Monitor the wild - As a way to protect your customers and company reputation you need to monitor application marketplaces for fraudulent or repackaged applications masquerading as your company's legitimate apps.  
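
The repackaged and lookalike apps described above can be triaged from an app inventory by checking each app's signing certificate and display name. This is an added example, not code from the original post or from the RECON platform; the package names, labels, fingerprints, record fields and the 0.85 similarity threshold are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher

# Assumed allowlist of the organization's genuine apps (constructed values):
# package name -> (store display label, SHA-256 fingerprint of the signing certificate)
OFFICIAL = {"com.example.bank": ("Example Bank", "aa11" * 16)}
OFFICIAL_SIGNERS = {cert for _, cert in OFFICIAL.values()}

def normalize(label):
    """Fold case, spaces and digit-for-letter swaps common in lookalike names."""
    return label.lower().replace(" ", "").translate(str.maketrans("0135", "oles"))

def classify(app, threshold=0.85):
    """Classify one inventory record as official, repackaged, lookalike or unrelated."""
    signer = app["signer_sha256"].lower()
    if app["package"] in OFFICIAL:
        # Same package name: only the publisher's signing certificate proves it is genuine.
        return "official" if signer == OFFICIAL[app["package"]][1] else "repackaged"
    if signer in OFFICIAL_SIGNERS:
        return "official"  # a different app signed with the publisher's own certificate
    for label, _ in OFFICIAL.values():
        score = SequenceMatcher(None, normalize(app["label"]), normalize(label)).ratio()
        if score >= threshold:
            return "lookalike"  # brand-like name from an unknown signer
    return "unrelated"

def triage(inventory):
    """Return (package, verdict) pairs that need blocking or a takedown request."""
    verdicts = ((app["package"], classify(app)) for app in inventory)
    return [(pkg, v) for pkg, v in verdicts if v in ("repackaged", "lookalike")]

# Constructed sample inventory, e.g. rows from an EMM export or a marketplace crawl.
SAMPLE = [
    {"package": "com.example.bank", "label": "Example Bank", "signer_sha256": "AA11" * 16},
    {"package": "com.example.bank", "label": "Example Bank", "signer_sha256": "bb22" * 16},
    {"package": "com.examp1e.bank.free", "label": "Examp1e Bank", "signer_sha256": "cc33" * 16},
    {"package": "org.sample.weather", "label": "Weather Now", "signer_sha256": "dd44" * 16},
]

if __name__ == "__main__":
    for pkg, verdict in triage(SAMPLE):
        print(f"{verdict:10} {pkg}")
```

The signer comparison is what separates a genuine app from a repackaged one, since a repackager cannot sign with the publisher's private key; the name similarity check only narrows down candidates for manual review.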

Our RECON Platform is designed to continuously monitor and detect repackaged apps and fraudulent use of brand assets on your behalf. Learn more about Brand Protection or check out RECON live in our Threat Center.