Phishing for Feds: Credential-Harvesting Attacks Found in New Study

Stu Sjouwerman | Nov 3, 2022

A study by researchers at Lookout has found that credential-harvesting phishing attacks against US government employees rose by 30% last year. The researchers also found that nearly 50% of US government employees are running older, unpatched versions of the iOS and Android operating systems.

“With more than one third of state and local government employees using their personal devices for work in 2021, these agencies are leading the government adoption of BYOD,” the researchers write. “While this provides employees with greater flexibility, these unmanaged devices are more frequently exposed to phishing sites than managed devices. This is because personal unmanaged devices connect to a broader range of websites and use a greater variety of apps.”

The researchers observed a significant increase in mobile phishing attacks attempting to steal credentials rather than trying to deliver malware.

“In 2021, almost 50% of all phishing attacks sought to steal credentials,” Lookout says. “The proportion of credential theft attacks against federal agencies increased at a rate of nearly 47% from 2020 to 2021 while the proportion of malware delivery decreased by 12%. State and local departments experienced a similar trend with credential theft attacks increasing and malware decreasing gradually.”

Lookout concludes that organizations need to ensure that their employees are aware of the threat posed by social engineering attacks against mobile devices.

“While mobile phishing attacks have become sophisticated, threat actors continue to reuse techniques enabling employees to recognize them once educated to do so,” the researchers write. “This shows that ongoing phishing and cybersecurity education is essential to enable employees to spot social engineering attacks. Your mobile threat defense solution should contain in-app education so that employees are informed every time a threat on their device is detected. All government entities need to ensure that they evolve their phishing training beyond desktops and emails to include challenges related to mobile phishing.”

New-school security awareness training can enable your employees to thwart evolving social engineering attacks.

Lookout has the story.
