How Mobile Phishing Works and What to do About it

A Report by the Anti-Phishing Working Group (APWG)

Published May 2019

mobile-device-phishing-wp

Mobile devices have become an integral part of everyone’s personal and business life—consuming our attention almost every minute of every day and night. However, this ubiquity, coupled with the constraints of a small screen and limited memory and computational power, mean mobile devices are often less well-protected against security threats than desktop or laptop computers. Further complicating the matter is the fact that many enterprise workers also use their personal (consumergrade) mobile devices for business purposes.

This report by the Anti-Phishing Working Group (APWG.org) identifies numerous phishing threats impacting mobile device users. It also looks at the unique challenges of defending against mobile threats versus protecting desktop endpoints in enterprise environments. Finally, it lays out a path and several best practices for protecting mobile devices and users from various types of phishing and spear phishing attacks as well as emerging threat vectors such as voice and SMS.