Cybercriminals Are Finding Success With Smartphone Phishing Attacks

Since phishing attacks are harder to spot on your smartphone, cybercriminals are starting to use them more and more. Cybercriminals have identified smartphones as an easy target to gain entry to networks, with cybersecurity researchers warning of the rising phenomenon.

The recent surge in smartphone phishing attacks has disproportionately affected the energy sector, as cyber attackers try to access networks used to provide services like electricity and gas. Cybercriminals have made the energy industry a primary target due to the nature of the business – they provide critical and vital services to individuals for everyday use. Why is this important? When it comes to ransom demands and making money, the more critical the business’s services the criminals are attacking, the more money there is to be made.

We recently saw this play out in real-time when the Colonial Pipeline was hit with a huge ransomware attack, making headlines as one of the most impactful ransomware attacks of the year. The attack meant gasoline shortages all across the Eastern United States. Colonial Pipeline was forced to pay nearly 5 million dollars to acquire the decryption key to restore their network. 

According to a recent report, mobile phishing attacks explicitly targeting the energy sector have increased 161%. This has resulted in  attacks targeting energy organizations accounting for a total of 17% of all mobile phishing attacks globally–that’s a lot! This is especially true when you consider that the energy sector was targeted ahead of industries such as finance, government, pharmaceuticals, and manufacturing–historically all major target industries. 

As cyber attackers get more confident, intelligent, and successful, we see them target industries (like the energy industry) that are directly correlated with the safety and well-being of citizens both nationally and globally. In short, cybercriminals are learning to target industries where the stakes are high

Why mobile devices?

Cybercriminals know that mobile devices (smartphones) are not usually secured with the same care as computers. They’ve identified mobile devices as a vulnerability point for most industries and organizations. Thus, mobile phishing has become a primary avenue for cybercriminals searching for entry into critical corporate infrastructures.

We’ll likely see this trend continue. For your part as an organization, consider the security implications of allowing employees to perform work tasks from mobile devices. Ask us if you have questions about how to secure your organization from mobile device vulnerabilities. Contact us here