Mobile Phishing Attacks Against Enterprises Rising

Malicious actors are targeting enterprises at a higher rate with mobile phishing attempts in 2024, according to new data from the mobile security company Zimperium.

Eight-two percent of all phishing sites reported were specially designed to target mobile devices and mobile users, according to Zimperium's 2024 zLabs Global Mobile Threat report. That's a 7% increase in the last three years. Those same mobile phishers are also taking additional effort to avoid detection.

This includes the adoption of HTTPS, the secure protocol often used to convince clients that their website is legitimate. This method is further empowered by a "hit-and-run" approach used by several phishers, Zimperium said. These hit-and-run phishers will launch a website with a deceptive domain before taking it down soon after, making tracking the source increasingly complex.

Zimperium's Shridhar Mittal

“It is undeniable that mobile devices and applications have become the most critical digital channels to protect in our organizations,” said Shridhar Mittal, Zimperium CEO. “In today’s digital age, where 71% of employees leverage smartphones for work tasks, enterprises must effectively protect their mobile endpoints by adopting a multi-layered security strategy including mobile threat defense and mobile app vetting. Our zLabs researchers meticulously analyzed the nature of mobile attacks, uncovering an attack surface within enterprises that requires a strategic and mobile-centered response.”

Related:Fortinet Engage Partner Program Evolves to Services Model

Malware Behind Mobile Phishing

Malware has been on the rise. Zimperium said that nearly one in four protected devices encountered malware in 2024. Riskware and trojan horses were also the most common tools used by mobile phone hackers, making up 80% of observed malware threats.

Platform vulnerabilities are also a known issue that's risen in recent years.

Sideloaded apps were also a significant issue. More than two-thirds (68%) of mobile threats were attributed to apps downloaded and installed from unofficial app stores, also known as sideloading.

Zimperium claims the health care sector is the industry most likely to be targeted. Nearly two in five (39%) of mobile threats were directed toward medical workers' mobile phones.

The mobile security provider announced in July that it would launch its first formal partner program this year to encourage new business opportunities.