Mobile phishing attacks are on the rise, with 82% of phishing sites now targeting mobile devices, marking a 7% increase over the past three years.
A Zimperium analysis of mobile devices revealed cybercriminals are using HTTPS, a secure communication protocol, in 76% of phishing sites to give victims a false sense of security.
This tactic makes it more difficult for users to recognize phishing attempts, especially on mobile devices with smaller screens.
A quarter of protected devices worldwide encountered malware, and enterprise spyware threats surged by 80%, many of them previously unknown.
Google Android devices saw a 58% increase in vulnerabilities, while Apple iOS devices experienced a 10% rise.
Along with these findings, the report documented a 45% rise in devices connecting to unsecured networks and a doubling of connections to rogue access points.
The report also revealed that the healthcare industry faced the highest mobile threats, with 39% of attacks tied to phishing.
Stephen Kowski, field CTO at SlashNext Email Security+, suggested healthcare organizations should adopt zero-trust security models and deploy AI-driven threat intelligence platforms to detect and prevent mobile phishing attacks.
“Implementing strict access controls and regularly updating mobile device management policies are essential,” he said.
He noted continuous security awareness training tailored to healthcare-specific threats is also crucial.
Patrick Tiquet, vice president of security and architecture at Keeper Security, said as mobile devices have become essential to business operations, securing them is crucial, especially to protect against the large variety of phishing attacks.
He recommended organizations implement robust Mobile Device Management (MDM) policies, ensuring that both corporate-issued and BYOD devices comply with security standards.
“Regular updates to both devices and security software will ensure that vulnerabilities are promptly patched – safeguarding against known threats that target mobile users,” he said.
Tiquet noted enforcing multi-factor authentication (MFA) adds another layer of protection for sensitive data, while password managers play a crucial role by generating and storing strong, unique passwords and supporting advanced MFA methods.
“Regular employee training on cybersecurity best practices and simulated phishing exercises will help reinforce secure behaviors,” he added.
Kowski said enterprises should also adopt a comprehensive mobile security strategy that includes continuous vulnerability scanning and risk assessment.
In addition, implementing advanced endpoint protection solutions that can detect and mitigate threats in real time is crucial.
“Regular security audits and penetration testing can help identify and address vulnerabilities beyond those covered by platform updates,” he said.
Mika Aalto, co-founder and CEO at Hoxhunt, noted that sideloaded apps present a significant security risk as they often bypass the vetting processes of official app stores, increasing the likelihood of malware or spyware being installed on devices.
He said enterprises should enforce strict policies against sideloading apps and limit employees’ ability to install non-official apps on work devices.
“An MDM system can be used to control app installations, restrict permissions and ensure compliance with security protocols,” he explained.
He added companies should educate their staff on the dangers of sideloaded apps through HRM platforms, reinforcing that the use of non-verified apps can expose the entire organization to heightened security risks.
“We are at the point where we must look at securing the human every bit as much as the devices they use,” Aalto said. “While regular platform updates are essential, they are not sufficient to address all mobile security risks.”