In a recent Dark Reading article, new research from Trusteer revealed that mobile users are the most likely to fall victim to fake e-mail messages and visit phishing sites.
Once they arrive at the fraudulent site, they are also three times more likely than users on PCs to provide sensitive login information.
Why are mobile users more vulnerable?
The report also mentioned that iPhone users were more likely than BlackBerry users to visit fraudulent phishing sites. One potential explanation was that BlackBerrys are used by more enterprises, while iPods are popular with end consumers. And as we know, organizations are working diligently to educate their employees, implement security policies, acceptable use policies, etc., right?
Has your organization implemented ongoing security awareness training to ensure your employees (and third-parties) are aware of risks from mobile devices?
Do your employees understand what phishing is? What about smishing and vishing?
Do they know how to recognize the signs of a phishing attempt?
Do they know where to report suspicious incidents and phishing e-mails?
What should they do if they accidentally respond to a phishing e-mail and provide sensitive personal or organizational data?
It is critical for organizations to implement clearly defined policies for using mobile devices. It is also important that organizations continue to update their employees as risks, threats, requirements, etc. change on an ongoing basis. A once-a-year general training program is not enough; employees need ongoing awareness reminders.
One recommendation I would make is to share this Trusteer study with your employees. Many of your users may have no idea of the potential risks they can encounter on their mobile phones. Lessons learned make for great awareness tips and will help your employees understand that your security requirements and acceptable use policies are there for good reason.