Attackers now take advantage of text messages, as well as some of today’s most popular and highly used social media apps and messaging platforms, such as WhatsApp, Facebook Messenger, and Instagram, as a means of phishing. Security professionals who overlook these new routes of attack put their organisations at risk.”

The report highlights a cyber crime phishing campaign dubbed Dark Caracal, which uses phishing messages through WhatsApp and Facebook to lure victims into clicking malicious links and downloading Android malware, called Pallas, which is designed to collect huge amounts of data.

Dark Caracal targets include governments, military organisations, utilities, financial institutions, manufacturing companies and defence contractors. The types of exfiltrated data are extensive, including documents, call records, audio recordings, secure messaging client content, contact information, text messages, photos and account data.

To address the growing threat of mobile phishing and capitalise on the commercial opportunity, Lookout has introduced phishing and content protection to its mobile endpoint security product.

According to Lookout, the enhanced product is designed to detect phishing attempts from any source on mobile devices, block connections on mobile devices to known malicious links, alert users to phishing sites, and gain visibility into the frequency and severity of users clicking phishing and malicious links.