Zimperium Warns Organizations of Increase in Mobile Phishing Attacks

What:
Zimperium, the global leader in mobile security, is warning organizations about the escalating threat of mobile phishing attacks. Mobile phishing includes various forms such as SMS phishing (smishing), voice phishing (vishing), app-based phishing, email phishing and social media phishing. While some of phishing campaigns appear to target consumers, they can serve as a trojan horse to deliver malware, capture reused passwords, or hijack OTPs, ultimately  infiltrating corporate networks and applications on the device. The latest analysis from Zimperium’s zLabs highlights the rapid deployment of phishing sites and the growing trend of using secure HTTPS connections to deceive mobile device users.

Key Points:

  • Advanced Phishing Techniques:
    Mobile Phishing scams are evolving to exploit trust in new ways, with 87.1% of phishing URLs now using secure HTTPS connections, creating a false sense of security for users. Attackers are also using a single domain to host multiple fraudulent sites, targeting several brands simultaneously.
  • Rising Mobile Threat Landscape:
    At present, 78% of phishing sites are specifically targeting mobile browsers, making mobile devices a prime target. These attacks are becoming increasingly sophisticated, with 60% of new phishing domains obtaining an SSL certificate within the first 2 hours of being registered, making them quickly operational over a secure connection.
  • Phishing Site Lifespan:
    The analysis reveals that while 50% of phishing sites are discovered within the first week of being created, the remaining half remain active as zero-day threats for longer than a week. This underlines the critical need for real-time, on-device detection to protect users effectively.
  • One Domain, Multiple Targets:
    Attackers are leveraging domains to host multiple fraudulent sites, often targeting brands that are commonly associated or share the same geographic focus. This tactic increases the risk of credential theft as users often reuse passwords across different sites.

Immediate Action Required:
Zimperium emphasizes the urgent need for organizations to adopt advanced, real-time mobile on-device threat detection technologies to combat the fast-evolving phishing threat to mobile devices. Traditional security measures are no longer sufficient to protect against the sophisticated mobile threat tactics used by modern mobile phishing campaigns.

Why It Matters:
Mobile phishing is an evolving threat that leverages secure connections to deceive users, making it more dangerous than ever. With 78% of phishing sites targeting mobile browsers and 87.1% of these sites using HTTPS, it is imperative for businesses and individuals to strengthen their mobile security strategies to mitigate these rising risks.

Call to Action:
With the rapid deployment of phishing sites and the increasing use of secure connections, proactive measures are essential to protect sensitive user and corporate data on mobile devices. Zimperium urges businesses and individuals to immediately assess and protect their mobile security defenses.

Learn more here: Deep Dive into Phishing: Chronology, Threats, and Trends – Zimperium

Expert Insights:
Nico Chiaraviglio, Chief Scientist at Zimperium, stated: “Mobile phishing attacks are evolving rapidly, particularly on mobile platforms where traditional defenses are proving inadequate. Our latest analysis shows the critical importance of real-time, on-device detection to protect against these sophisticated threats.”

Media Inquiries: For more information or to schedule an interview with one of our experts, please contact Jaime Le at jaime.le@zimperium.com.

About Zimperium:
Zimperium is the leading provider of mobile security solutions, offering real-time, on-device protection against known and unknown threats. With advanced machine learning technology, Zimperium delivers comprehensive security for mobile devices, applications, and networks, safeguarding organizations from data breaches and financial loss.