Employees appear to be clicking on phishing links in large numbers. Researchers from Jamf claim that one in ten employees has clicked on a malicious link in the past.
Furthermore, Jamf says the number of employees clicking on phishing links has increased by no less than 160 percent in one year.
The largest number of attacks appear to be directed from domains that possess over a SSL certificate, and are therefore considered safe. The graphical ‘padlock’ inherent to SSL certificates is said to play a part in giving victims a false sense of security.
It also appears that employees are increasingly encountering phishing through various forms of communication, from business and private email to text messages, social media, messaging and advertisements.
Mobile devices attacked more often
Another important conclusion of the researchers is that hackers are increasingly targeting mobile devices. Mobile devices have smaller screens and often display links in a graphic form. This makes it more difficult for users to discover suspicious URLs and senders than on PCs or laptops. Since many mobile devices enter company networks as BYOD, Jamf calls on companies to pay more attention to the risks and extend their security layer to personal mobile devices.
More brand names misused
Jamf’s researchers also note that phishing attacks are leveraging well-known brand names more and more. Think of well-known providers of IT services such as Apple, PayPal and Amazon, whose names are used to entice victims to click.