Phishing for Feds: Credential-Harvesting Attacks Found in New Study

Phishing for FedsA study by researchers at Lookout has found that credential-harvesting phishing attacks against US government employees rose by 30% last year. The researchers also found that nearly 50% of US government employees are running older, unpatched versions of iOS and Android operating systems.

“With more than one third of state and local government employees using their personal devices for work in 2021, these agencies are leading the government adoption of BYOD,” the researchers write. “While this provides employees with greater flexibility, these unmanaged devices are more frequently exposed to phishing sites than managed devices. This is because personal unmanaged devices connect to a broader range of websites and use a greater variety of apps.”

The researchers observed a significant increase in mobile phishing attacks attempting to steal credentials rather than trying to deliver malware.

“In 2021, almost 50% of all phishing attacks sought to steal credentials,” Lookout says. “The proportion of credential theft attacks against federal agencies increased at a rate of nearly 47% from 2020 to 2021 while the proportion of malware delivery decreased by 12%. State and local departments experienced a similar trend with credential theft attacks increasing and malware decreasing gradually.”

Lookout concludes that organizations need to ensure that their employees are aware of the threat posed by social engineering attacks against mobile devices.

“While mobile phishing attacks have become sophisticated, threat actors continue to reuse techniques enabling employees to recognize them once educated to do so,” the researchers write. “This shows that ongoing phishing and cybersecurity education is essential to enable employees to spot social engineering attacks. Your mobile threat defense solution should contain in-app education so that employees are informed every time a threat on their device is detected. All government entities need to ensure that they evolve their phishing training beyond desktops and emails to include challenges related to mobile phishing.”

New-school security awareness training can enable your employees to thwart evolving social engineering attacks.

Lookout has the story.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Topics: Phishing

Subscribe To Our Blog

Ransomware Hostage Rescue Manual

Get the latest about social engineering

Subscribe to CyberheistNews