iOS users are 18x more likely to be phished than to download malware

Cyber Chief Magazine brings you the tactics to uncover and neutralize the insider threat

Phishing is the number one mobile threat affecting organizations. The Wandera’s Phishing Report 2018 shows that iOS users are 18x more likely to be phished than to download malware, and that 4000 new mobile phishing websites are launched every day.

ios phishing malware

This shift to mobile is supported by data that reveals 48% of phishing attacks are on mobile, and research that shows users are 3x more vulnerable to phishing on mobile than on desktop.

With more than 57% of all Internet traffic coming from mobile devices, it’s no surprise that attackers have turned their attention to mobile employees and the wide range of communications apps and sites they use. With a 170% increase of SMS phishing and a 102% increase in social app phishing from 2017 to 2018, it’s clear that dedicated mobile phishing attacks are now the technique of choice for malicious actors.

Corporate devices hold a vast array of data for attackers to target. While many apps are authenticated with single sign on services like Okta and OneLogin, many employees make use of their own user credentials or Facebook and Google logins.

The average iOS user has 14 different accounts on their work phone, typically including services such as Amazon, Paypal and AirBnb. On Android, there are even more for the phishers to steal, with the average user having apps requiring 20 unique logins.

Growth in mobile phishing

  • The average mobile iOS user is 18x more likely to encounter a phishing attack than a malware attack
  • A new mobile phishing page is launched every 20 seconds. That’s more than 4,000 new phishing sites per day
  • 6.2% of all successful mobile phishing attacks take place on dating apps
  • 90% of cyberattacks start with a phishing attack
  • Users are 3x more likely to fall for phishing on mobile than desktop.

Applications where mobile phishing attacks originate

  • Messaging (17.3%)
  • Social media (16.4%)
  • Dating (6.2%)
  • Gaming (11.3%)
  • Email (15.4%)
  • Sports (6.2%)
  • News and weather (3%)
  • Productivity (10.2%)
  • Travel (2.1%)
  • Ecommerce (5.3%)
  • Music (1.3%)
  • Food and drink (2.2%)
  • Finance (1%)
  • Health and fitness (2.1%).

Top 5 apps for messenger phishing

1. Messenger (inbuilt iOS/Android)
2. WhatsApp
3. Facebook Messenger
4. LINE
5. Viber

Top 10 brands targeted by phishing attacks

  • Facebook
  • Apple
  • Google
  • Amazon
  • Paypal
  • Government sites
  • Microsoft
  • Fox News
  • Dropbox
  • Whatsapp.

Top 5 TLDs that host phishing attacks

  • .com
  • .ga
  • .tk
  • .ml
  • .cf