top of page
  • Writer's pictureCarolyn Hughes

The rise of mobile phishing and cyber attacks

Mobile cyber security is one of the most pressing concerns for businesses right now. Data from Cloudmark found that 48% of phishing attacks are on mobile phones and this number is set to double every year. 

The Cloudmark report found that the five most common types of mobile phishing are: 

  • Messaging apps - 17.3%

  • Social media - 16.4%

  • Email - 15.4%

  • Gaming - 11.3%

  • Productivity - 10.2%

Employees can be an organisation’s biggest weakness when it comes to cyber security if they don’t fully understand the risks and how to be aware of potential phishing and other cyber attacks. 

Many people use their personal mobile phones for both work and personal communications, so this can add to the potential risk of cyber attacks for businesses. Businesses cannot check the security aspects of an employee's own mobile phone. Equally, many people with work mobile phones can add their own personal apps and details, which can also cause cyber security concerns for a business. 

Mobile users find it more difficult to spot a phishing email or text message, partly because of the smaller screen size and partly because they can often be in a rush or multi-tasking when using mobile. It’s much harder to double check a URL, link or sender when on mobile, compared to on a laptop web browser. 

Phishing emails or messages can be incredibly sophisticated and criminals spend a lot of time and effort making them look genuine. The rise of generative AI has also made it a lot easier for cyber criminals to create more convincing communications. 

Some common forms of phishing via mobile include: 

  • Spoof text messages from delivery companies, encouraging you to click on a link and add payment details

  • Whatsapp messages that proclaim to be from friends or family asking for money 

  • Pretend promotional deals from well-known brands that are too good to be true 

  • Fake messages from HMRC saying that the user has a tax refund and a link to click 

  • Spear phishing messages purporting to be from colleagues to authorise fraudulent invoices

  • Fraudulent messages that will install malware on your mobile device

DI Dan Giannasi, head of cyber and innovation at the NWCRC, said: 

“Throughout our training, we educate and train our members on the dangers of mobile cyber security. This is often overlooked by businesses as they usually focus on desktop computers, laptops and IT networks. 
“Cyber criminals are incredibly sophisticated and phishing or spear phishing attempts can be really difficult to spot, even to a trained eye. Our advice to members is to check and double check the source before you click, before you add any details, and certainly before you add any financial details.” 

How do I protect my business mobile phones from phishing attacks? 

  • Set up two-factor authentication for all your accounts and social media 

  • Train employees on how to spot phishing messages, especially on mobile devices. 

  • Ensure that all business mobile phones are kept updated, as well as all of the apps on them. 

  • Restrict which apps can be downloaded and used on a work mobile device. 

  • Consider using a mobile cyber security product to manage your devices, such as Three Mobile Protect, which is available for business users. 

  • Use a password manager for all business accounts and social media accounts. 

  • Ensure employees don’t use unsecured wifi networks when working out of the office or home. 

The North West Cyber Resilience Centre offers a range of budget-friendly training and consultancy services for small businesses. 


How can we support your business?

Phishing 292 x 219px.png

Raise your staff's awareness of phishing emails and guard your business against the growing trend of social-engineering threats.


Training your employees on what a phishing attack looks like makes them more likely to identify and report scams.

security awareness training.png

Our training package is designed and delivered by cyber experts giving you access to the most up-to-date information in an ever-changing cyber landscape.

You can purchase single-place training spots or a cyber security workshop.

Community Members

Our premium membership package is aimed at medium-sized businesses and includes bespoke security awareness training sessions.


This allows your business to train several cyber security champions and an assessment of your cyber risk. 

bottom of page