SMiShing is a Growing Mobile Phishing Threat Vector (That Needs Your Attention)

Protecting mobile users from today’s phishing threats is a huge and growing challenge for IT security teams. Employees increasingly rely on mobile devices as part of their everyday business and personal tasks. And with the popularity of mobile BYOD, unclear security policies, lack of full-time VPN tunneling, and relatively poor protections on mobile, users of these devices are at higher risk of mobile phishing threats.

Here are some additional stats to ponder from Verizon’s 2020 Mobile Security Index report:

  • 54% of companies were less confident about the security of their mobile devices than that of their other systems
  • 15% of enterprise users (18% in the U.S.) encountered a mobile phishing link in Q3 2019
  • 21% of organizations that were compromised said that a rogue or unapproved application had contributed to the incident
  • 39% of companies suffered a mobile-related security compromise
  • 31% of devices were found to harbor known threats, based on MobileIron data
  • 45% of organizations said that their defenses are falling behind attackers’ capabilities
  • 85% of attacks seen on mobile devices now take place via mediums other than email

These statistics are too compelling to ignore if you’re responsible for corporate security!

While email remains the most popular overall phishing attack vector, an increasingly common (and dangerous) attack vector is SMS phishing for mobile devices. These attacks – often called SMiShing – are initiated in the form of a text message disguised as a communication from a trusted brand such as a bank or payment service, or even a trusted person, and frequently uses a disguised link. People tend to respond to text messages much quicker and with less thought than email, and their screens can hide important clues about the web pages they visit, making SMiShing a very effective, and thus dangerous, attack vector.

Further complicating matters is that phishing protections on iOS and Android devices is almost non-existent, putting users and organization at increased risk of SMiShing attacks. With SlashNext, however, malicious SMS/text messages are accurately identified and quarantined, protecting users from taking the bait. Our native iOS and Android apps provide heavyweight mobile protection yet feature lightweight memory consumption and negligible battery usage.

SlashNext iOS SMS protection setup and SMiShing text example

Today’s reliance on mobile devices as a business tool means that it’s time to take mobile phishing protection seriously! Our Mobile Phishing Protection protects iOS and Android device users, and our Browser Phishing Protection comes as lightweight browser extensions that augment endpoint security solutions on Windows, MacOS, Chrome OS, and Linux machines operating both inside and outside the network perimeter. Both solutions provide the industry’s strongest remote user phishing protection against zero-hour threats, regardless of how users are phished.

To find out how you can protect your mobile workforce from sophisticated phishing and social engineering attacks, contact us to see a demonstration of our anti-phishing and IR solutions.

It’s Time to Get Started with SlashNext

Experience the difference with broad phishing threat coverage and automated delivery.