conejota - Fotolia

Gaming apps ‘main source’ of mobile phishing attacks, research shows

Analysis of 100,000 corporate devices shows more than a quarter of traffic going to phishing domains was from gaming apps

Gaming apps are the most likely source of phishing attacks on corporate devices, according to research by mobile security firm Wandera.

The company tested 100,000 corporate devices to analyse how much traffic was going to phishing domains, and pinpointed gaming (25.6%)  and email apps (18.9%) as most likely to be misappropriated by hackers.  

Hackers use phishing to gain access to sensitive information about a user, such as bank details, when the victim clicks a particular link. Email is known to be a major source of phishing attacks, but the research revealed that 81% of this nefarious traffic came from other places, such as gaming, sports, productivity and messaging apps.

In the case of gaming, hackers can create fake copies of popular apps and use their platform to gather information on users, while messaging apps can provide attackers with an access point to sensitive business data by spoofing legitimate corporate domains to fool corporate users into responding.

The research also found that most phishing attacks on mobiles involved iPhones (63%), with Android accounting for 37% of attacks.

Joel Windels, vice-president of marketing at Wandera, said educating employees is key to reducing the risk of attack. “Part of the solution must involve education and basic training around best practices for employee behaviour,” he said in a blog post. 

Read more on mobile security

  • How IT admins can deal with the high number of current mobile security issues. 
  • How mobile device management and security can help protect health data for hospitals. 
  • How Android devices compare to iOS in terms of their mobile security.

“This should include the principles of sensible communications practices, such as never clicking on links in unsolicited emails or shared through mobile apps, and refraining from sharing credentials or personal information with anyone via any mobile channel – even in those apps you normally trust.”

Windels said it is inevitable that someone in an organisation will make a mistake and be attacked, “so it is absolutely vital that you have a security solution in place that is able to monitor and intercept any traffic directed at phishing sites”.

Read more on Hackers and cybercrime prevention