Mobile Phishing Surge: 82% of Sites Target Smartphones

According to a recent report by Zimperium, 82% of all phishing websites on the internet are now targeting mobile devices. Furthermore, 76% of these sites use the HTTPS protocol, misleading users by creating a false sense of security.

Zimperium specialists have recorded a significant 13% increase in unique malware samples over the past year, with Trojans and Riskware accounting for 80% of all threats. The healthcare sector exhibits the greatest vulnerability, with 39% of mobile threats linked to phishing attacks.

Cybercriminals are adopting mobile-targeted strategies to gain access to corporate systems. They exploit the weaknesses of these devices, leveraging their small screens and limited security indicators to deceive users and steal sensitive data.

According to Zimperium CEO Shridhar Mittal, mobile devices and applications have become the most crucial channels to protect in the digital age. With 71% of employees using smartphones for work, companies must implement multi-layered protection, including mobile security and app verification.

The report also highlights the rapid development of phishing websites—nearly a quarter of them become operational within 24 hours of launch, remaining undetected by traditional detection methods.

Third-party applications installed from unofficial stores present another significant risk for companies. The financial sector is particularly vulnerable, with 68% of threats linked to such apps. Moreover, users who install apps from unofficial sources are 200% more likely to encounter malware.

The Asia-Pacific region (APAC) leads in sideloading threats, with 43% of Android devices in the region running applications from unofficial sources.

The increasing number of vulnerabilities further complicates the protection of mobile devices. In 2023, there were 1,421 vulnerabilities recorded on Android devices—a 58% increase from the previous year. Sixteen of these were actively exploited in real-world attacks. Meanwhile, 269 vulnerabilities were identified on iOS devices, of which 20 were actively exploited. This presents an intriguing comparison.

Experts agree that companies must adopt more advanced mobile security solutions. “Mishing attacks and mobile malware are increasingly evading detection, often going unnoticed by businesses,” said Chris Cinnamo, Senior Vice President of Product Management, Zimperium. “To effectively navigate this evolving mobile threat landscape, enterprise security teams must prioritize the attacks specifically targeting employee mobile devices. Without proactive measures, these attacks will continue to weave into enterprises, exploiting the sensitive data and disrupting organizational operations.”

To combat the growing mobile threats, corporate security teams must prioritize defending against attacks on employees’ mobile devices. Without proactive protection measures, such attacks will continue to compromise companies, exploiting sensitive data and disrupting operations.