Another day, another warning about holiday scams! Lookout Inc., a data-centric cloud security company, is warning employees and businesses that phishing attacks are expected to more than double this week, based on historical data.
With more corporate data residing in the cloud and a massive amount of employees still working remotely, mobile has become the endpoint of choice for the modern workforce. However, since these devices have traditionally been neglected as part of a company’s overall security strategy, they have also become the most vulnerable target for hackers to gain access to corporate cloud infrastructure through social engineering and credential theft.
During the busy Black Friday shopping week, the risk of your users being targeted by a malicious phishing campaign increases as they are more distracted and attempting to get the best deals on their holiday purchases. This creates a perfect opportunity for potential hackers to carry out phishing attacks that can lead to credential theft and direct access to sensitive corporate data.
This warning comes as new Lookout research reveals that:
- Two in five employees (63%) say that they are more distracted during Thanksgiving week as they juggle their work and personal lives.
- The vast majority of employees (89%) will capitalize on Black Friday and Cyber Monday sales with more than half (57%) admitting they are more likely to click on unfamiliar links in search of good deals during these big sales.
- Two-thirds of employees (66%) will shop on personal mobile phones which are notoriously overlooked in security planning – in fact, nearly half of workers (47%) reported their employer provides no mobile security platform for device protection.
- The most popular social media apps that will be used on mobile by employees this week are Facebook (76%), Instagram (63%) and TikTok (50%).
“As shoppers look to take advantage of the best online sales, fraudsters will do the same. But rather than discounted gifts, the best deal for a cybercriminal is access to corporate data that can then be distorted and/or sold for huge sums of money,” said David Richardson, Vice President of Endpoint and Threat Intelligence, Lookout. “A popular technique is to target employees on their mobile devices through social engineering – dodging traditional enterprise security protection by messaging the victim via their personal messaging accounts. Last year, we saw a huge spike in phishing rates. As employees are distracted by shopping on their mobile device, CISOs face a significant phishing risk. But rather than just focusing on the particular methods attackers may use this Thanksgiving, businesses should take a data-centric approach and monitor for changes in user behavior and anomalous data transfers.”
The survey follows the 2022 Lookout Global State of Mobile Phishing Report which found that over 50% of personal devices were exposed to a mobile phishing attack every quarter. More alarmingly, the percentage of users falling for multiple mobile phishing links in a year is increasing rapidly year over year. The report also found that organizations in highly regulated industries – such as insurance, banking, legal, healthcare and financial services – were the most heavily targeted enterprises.
KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.