Users Clicking on Multiple Mobile Phishing Links Increases 637% in Just Two Years

New data from security vendor Lookout’s The Global State of Mobile Phishing report shows that phishing mobile devices as an attack vector is growing in popularity – mostly because it’s increasingly working… in exponential terms.

We all know phishing is the number one attack vector. But we should wonder whether phishing attacks that hit a corporate desktop email client or a mobile device are more impactful – and the users falling for the attacks are the cause.

• 21% of enterprise users experience mobile phishing attacks
• 36% of US users encounter mobile phishing attacks
• More than 50% of all mobile devices were exposed to a mobile attack in 2022

Why is mobile so prevalent and why are attacks working?

Let’s start by looking at some of the data around users engaging with mobile attack. According to the report, the percentage of users that engage with six or more phishing emails when using an enterprise device was only 1.6% back in 2020. Last year that number jumped to 11.8% – more than a 6x increase! When it comes to personal devices, the increase isn’t as staggering, but the numbers are still horrible – back in 2020, 14.3% of users clicked on six or more phishing links, with 27.6% doing so in 2022, a 93% increase.

According to the report, it appears that remote use of mobile devices is a part of the problem, with a greater issue being the use of personal devices (makes sense, as the user certainly isn’t thinking about protecting the organization when on their own mobile phone, etc.)

This data makes it clear that Security Awareness Training designed to educate users on the need to be continually vigilant, regardless of the device, is critical to an organization remaining protected against attacks.