“Phishing using HTTPS is not completely new,” Krishna Vishnubhotla, vice President for product strategy at Zimperium. “Last year’s report revealed that, between 2021 and 2022, the percentage of phishing sites targeting mobile devices increased from 75% to 80%. Some of them were already using HTTPS but the focus was converting campaigns to target mobile.”
“This year, we are seeing a meteoric rise in this tactic for mobile devices, which is a sign of maturing tactics on mobile, and it makes sense. The mobile form factor is conducive to deceiving the user because we rarely see the URL in the browser or the quick redirects. Moreover, we are conditioned to believe a link is secure if it has a padlock icon next to the URL in our browsers. Especially on mobile, users should look beyond the lock icon and carefully verify the website’s domain name before entering any sensitive information,” Vishnubhotla said.
The surge in mobile-targeted phishing attacks highlights the critical need for advanced, AI-driven security solutions that can detect and block sophisticated threats in real time, said Stephen Kowski, Field chief technology officer at SlashNext. “With threat actors increasingly leveraging secure protocols like HTTPS, traditional security measures are no longer sufficient to protect users and organizations.”