Mobile cyber security is one of the most pressing concerns for businesses right now. Data from Cloudmark found that 48% of phishing attacks are on mobile phones and this number is set to double every year.
The Cloudmark report found that the five most common types of mobile phishing are:
Messaging apps - 17.3%
Social media - 16.4%
Email - 15.4%
Gaming - 11.3%
Productivity - 10.2%
Employees can be an organisation’s biggest weakness when it comes to cyber security if they don’t fully understand the risks and how to be aware of potential phishing and other cyber attacks.
Many people use their personal mobile phones for both work and personal communications, so this can add to the potential risk of cyber attacks for businesses. Businesses cannot check the security aspects of an employee's own mobile phone. Equally, many people with work mobile phones can add their own personal apps and details, which can also cause cyber security concerns for a business.
Mobile users find it more difficult to spot a phishing email or text message, partly because of the smaller screen size and partly because they are often in a rush or multi-tasking when using a mobile device. It’s much harder to double-check a URL, link or sender on a mobile device than in a laptop web browser.
Phishing emails or messages can be incredibly sophisticated and criminals spend a lot of time and effort making them look genuine. The rise of generative AI has also made it a lot easier for cyber criminals to create more convincing communications.
Some common forms of phishing via mobile include:
Spoof text messages from delivery companies, encouraging you to click on a link and add payment details
WhatsApp messages that claim to be from friends or family asking for money
Pretend promotional deals from well-known brands that are too good to be true
Fake messages from HMRC saying that the user has a tax refund and a link to click
Spear phishing messages purporting to be from colleagues to authorise fraudulent invoices
Fraudulent messages that will install malware on your mobile device
DI Dan Giannasi, head of cyber and innovation at the NWCRC, said:
“Throughout our training, we educate and train our members on the dangers of mobile cyber security. This is often overlooked by businesses as they usually focus on desktop computers, laptops and IT networks.
“Cyber criminals are incredibly sophisticated and phishing or spear phishing attempts can be really difficult to spot, even to a trained eye. Our advice to members is to check and double check the source before you click, before you add any details, and certainly before you add any financial details.”
How do I protect my business mobile phones from phishing attacks?
Set up two-factor authentication for all your accounts and social media.
Train employees on how to spot phishing messages, especially on mobile devices.
Ensure that all business mobile phones are kept updated, as well as all of the apps on them.
Restrict which apps can be downloaded and used on a work mobile device.
Consider using a mobile cyber security product to manage your devices, such as Three Mobile Protect, which is available for business users.
Use a password manager for all business accounts and social media accounts.
Ensure employees don’t use unsecured Wi-Fi networks when working out of the office or home.
The North West Cyber Resilience Centre offers a range of budget-friendly training and consultancy services for small businesses.