Online discussion forum Reddit on Friday confirmed that its systems were hacked as a result of a sophisticated and highly-targeted phishing attack.
Phishing has infiltrated every form of communication, from work and personal e-mail to SMS, social media, and even advertising, and now a new study has revealed that one in 10 people click on phishing links while on their mobile devices.
This doesn’t mean simply receiving messages, but actually clicking on them, according to the analysis of phishing trends within a sample of 500,000 protected devices across 90 countries, including India.
Among the key findings of the report by Cloud security firm Wandera (a Jamf company), the number of mobile users falling for phishing attacks has increased by 160 percent (year-on-year).
Nearly 93 percent of phishing domains are hosted on a “secure” website with a padlock in the URL bar.
“Today, 93 percent of successful phishing sites are utilising HTTPS verification to conceal their deceitful nature. This number has increased dramatically from 65 percent in 2018,” according to the report.
Phishing is a type of social engineering where an attacker sends a fraudulent message designed to trick a human victim into revealing sensitive information to the attacker or to deploy malicious software on the victim’s infrastructure like ransomware.
It is easier for an attacker to exploit a person and capture data via a phishing attack than it is to exploit a robust device operating system.
“In fact, user credentials are far more valuable to an attacker in this age of cloud-enabled enterprises, as they provide access to sensitive data that is stored and managed beyond the device in software-as-a-service (SaaS) applications, online file storage repositories and data centre,” the report noted.
Phishing attack delivery has evolved far beyond poorly-worded emails offering ‘unclaimed lottery winnings’.
“They are not only more personalised and more convincing, but they are also reaching users in more places than ever before and increasingly going beyond consumers to target business credentials and data,” the report noted.