If you get hit with a phishing attack today, most likely it will be your mobile device. That’s because mobile is where hackers are spending their creative energy.

According to an article on Hacker News this week, a new phishing attack was uncovered that is “based on the idea that a malicious web page could mimic [the] look and feel of the browser window to trick even the most vigilant users into giving away their login credentials to attackers.”

This phishing attack specifically targets iPhones by mimicking mobile browser animation and design. But, the researchers warn, this same type of attack could easily be adapted to target Android devices.

The article goes on to offer some advice for how to spot such an attack. It suggest that users pay attention to the real navigation bar at the top of the mobile browser and recognize that the contents of the page are fake. This is good advice, in theory. In practice, people are in a hurry, they’re distracted and are often in poorly lit places in which it is difficult to read the navigation bar on a mobile device.

To emphasize the vulnerability of mobile devices even further, Check Point Research exposed massive mobile adware and data stealing campaigns with over 250 million downloads globally. According to the research the campaigns target Android devices. This just goes to show it doesn’t really matter what type of mobile device you have, iOS or Android. Both are vulnerable.

These attacks are a form of indirect phishing. First, the user downloads the malicious app from the Google Play Store. Once that happens, the app opens a web browser with links provided by the app developer, enabling targeted spear-phishing on the users.

It’s becoming clear that attacks on mobile devices are only going to grow and that asking users to be the last line of defense is foolhardy. What users need is real-time phishing protection for their mobile device, regardless of the make and model. Whether the phishing attack comes directly from an email or indirectly from the app store, users need to be protected from themselves. So, even in situations where the phishing attack is so good it fools everyone, users are still protected.

It only takes one click to get phished. If you no longer want to be the last line of defense for your mobile device, head on over to Office 365 Phishing Protection and discover how fast, easy and inexpensive it is to protect your entire company.