Mobile phishing: The biggest unsolved problem in cybersecurity
Mobile phishing brings together new channels for phishing employees (such as messaging apps and SMS) and reduced screen size, causing one of the biggest problems businesses have faced in cybersecurity yet. As you can see in the infographic below, the rates of phishing on mobile have grown a shocking 85 percent year over year for the past five years. Attackers are moving to the mobile device as a profitable place to perform phishing attacks because phishing on mobile is more difficult to identify and block for both existing security technology and users.
First, mobile devices introduce a variety of new points-of-entry for attackers. Traditionally, attackers have used email as the avenue for attack on desktop, but on mobile you must also take into account social media apps, messaging apps, personal email accounts, and SMS.
Second, the mobile device user-interface and form fact both obscure potential indicators of attack. For example, it's highly difficult to preview a link on a mobile device. Where a person would typically hover over a link on a desktop interface, mobile devices don't offer such previews.
Mobile devices are also both personal and used for work. This means that while enterprises have shored up their email clients with enterprise-grade phishing protection (such as secure email gateways), attackers know they can exploit the user on a device that has both access points through personal accounts sitting next to work data or apps.
In fact, although Lookout successfully protected them against the attacks, according to the Lookout security cloud global dataset, 56 percent of users received and tapped on a phishing link. Attackers are able to bypass existing security measures and socially engineer individuals. Fortunately, Lookout successfully protected these users. In our latest whitepaper, Mobile phishing 2018: Myths and facts facing every modern enterprise, we pull back the curtains on phishing on mobile - exposing the myths and facts you need to know to stay informed and one step ahead of malicious actors.
Let's take a quick look at why phishing on mobile is this problematic, and see what Lookout is doing to go beyond the status quo - securing mobile against phishing attacks in innovative ways through phishing and content protection.
Phishing on mobile goes beyond corporate email-based attacks
Traditional firewalls, secure email gateways, endpoint protection, and better overall consumer awareness of what phishing has done a good job of keeping today's corporations protected from corporate email-based phishing attacks.
But mobile is an entirely different beast. Unlike desktops, mobile devices introduce new and unique security enterprise challenges for email and beyond - ones that attackers are keen on exploiting. For example, mobile devices often:
- Are connected outside traditional firewalls
- Lack endpoint security solutions
- Access messaging platforms not used on desktops
Plus, the features, functionality, and relatively small screen size of mobile devices do not offer the depth of detail required for users to sniff out phishing attacks. It's no wonder then that mobile users are three times more likely to fall for phishing scams.
Additionally, mobile opens up other doors that email-based phishing, including attacks via SMS and MMS, as well as social media apps and messaging platforms such as WhatsApp, Facebook Messenger, and Instagram.
Even at a glance, it becomes clear traditional firewall and endpoint security modalities are ill-equipped to offer the kind of comprehensive protection needed against modern phishing attacks on mobile. Lookout, however, is leveling the playing field.
How Lookout solves the phishing problem
Lookout Mobile Endpoint Security now includes phishing & content protection, giving organizations next level defense and administrative capabilities of employee devices, both personally- and corporate-owned.
Lookout phishing & content protection is designed to detect phishing attempts from any source on mobile devices, including email (corporate or personal), SMS, chat apps, social media, and more, and allows administrators to set policies to protect against phishing attempts.
Lookout offers better visibility into your organization's entire Spectrum of Mobile Risk, offering protection against malicious content whether your employee is inside the protected corporate network or not.
Our protection is unique in that it doesn't rely upon inspecting message content to identify malicious and phishing URLs. Instead it blocks any attempted connection to such URLs at the network level thus maintaining full employee privacy, which is important when recognizing that social and messaging platforms used on mobile devices are highly sensitive and private to the user.
While enterprises might take a very similar approach to analyze the risk of phishing on mobile, the tactics for protecting enterprise data from phishing on mobile must be implemented differently.
Lookout offers the only comprehensive solution in the market today, covering the full spectrum of mobile risk and providing key integrations with partners to make deploying Lookout quick and easy for customers. To learn more about how to solve mobile phishing in your organization, visit https://www.lookout.com/phishing