"Mobile Phishing Attacks on Government Staff Soar"

Security researchers at Lookout have discovered that mobile-based credential theft attacks against federal government employees increased by 47% from 2020 to 2021, exposing agencies to a serious risk of breaches.  The security researchers analyzed more than 200 million devices and more than 175 million apps.  The researchers found that around half (46%) of state, local, and federal US government employees were the target of mobile-based credential phishing attempts in 2021, up from 30% a year earlier.  The researchers claimed that one in eight government employees were exposed to phishing threats last year via “social engineering within any app including social media platforms, messaging apps, games, or even dating apps.”  The researchers didn’t mention SMS or email explicitly as phishing vectors, although these are perhaps the most popular.  The researchers stated that phishing exposure means threat actors could steal credentials to hijack accounts to gain access to sensitive government data and systems or install malware to eavesdrop on conversations and steal logins that way.  The researchers noted that part of the threat comes from the large number of unmanaged devices in use across federal, state, and local government.  The researchers revealed a 55% increase in the use of such devices from 2020 to 2021 as BYOD and remote working became the norm across many organizations.  The researchers noted that patching is also a problem.  The researchers stated that nearly 50% of state and local government employees are currently running outdated Android operating systems, exposing them to hundreds of device vulnerabilities.

Infosecurity reports: "Mobile Phishing Attacks on Government Staff Soar"