Users admit to letting their guard down when using mobile devices

By Rohyt Belani

A survey carried out by PhishMe, the leading provider of security behaviour management services, looked at the attitudes of over 130 IT security professionals towards phishing emails. Worryingly, it revealed that over 62 percent believe they are far more likely to fall for a phishing attack if they are targeted via their mobile phone.

Respondents were also asked when they feel they let their guard down most when looking at emails. 23 percent felt most vulnerable when looking at emails on their phones whilst travelling, while 30 percent felt early Monday morning and late Friday nights were their worst times for falling foul of phishing scams.

It is increasingly important that employees recognize suspicious communications sent to both desktop and mobile platforms, particularly as more and more mobile devices are connected to the corporate network and have access to confidential data. As has been demonstrated in recent months, hackers are gaining access to seemingly highly secure systems by targeting employees through spear-phishing.

Phishing emails try to trick the recipient into doing something they shouldn’t, by disguising malicious attachments or links within seemingly genuine content. If the user does respond, then it could let the hacker gain access to the corporate network in order to acquire sensitive information such as usernames, passwords or R&D information. PhishMe has proven that immersive training improves employee behaviour and complements existing technical controls to holistically tackle this ominous threat.

Mobile devices provide attackers with a new attack surface, and a variety of factors make phishing attacks carried out over mobile platforms harder to identify. Viewing emails on a mobile device makes it more difficult to see underlying URLs and information about the sender, while shortened URLs in SMS phishing messages are difficult to identify. These challenges make it important to train users in techniques to identify fraudulent communications, such as verifying the message through another means of communication.

About the author

Rohyt Belani is Chief Executive Officer at PhishMe.

PhishMe provides organizations the ability to improve their employees’ resilience towards spear phishing, malware, and drive-by attacks. The detailed metrics PhishMe provides make it easy to measure the organization’s progress in successfully managing employees’ security behaviour. With over 4 million individuals trained in 165 countries, PhishMe has been proven to reduce the threat of employees falling victim to advanced cyber attacks by up to 80 percent.

PhishMe’s methodology entails periodically immersing employees in simulated phishing scenarios and instantly presenting bite-sized, engaging training to those found susceptible. The solution provides clear and accurate reporting on user behaviour, allowing customers to measure improvement over time. PhishMe works with Federal Agencies and Fortune 1000 companies across many industries, including financial services, healthcare, higher education and defence.

http://phishme.com/  
