Mobile phishing against company employees


Stolen employee credentials are one of the most effective ways for attackers to infiltrate a company's infrastructure. In 2022, the number of mobile phishing attacks was higher than ever.

Once attackers have the credentials for any account in hand, it is much easier for them to bypass security measures and gain access to sensitive data. But how do attackers get these credentials? In many cases, the answer is mobile phishing. A global study by Lookout, “The Global State of Mobile Phishing Report”, found that in 2022 the number of mobile phishing attacks was at an all-time high: one in three personal devices and one in three corporate devices was exposed to at least one attack every quarter. This trend continued unabated in the first quarter of 2023.

How BYOD has changed the phishing landscape

Frequency of mobile phishing attacks on cell phones around the world in 2022 (Image: Lookout).

Hybrid work environments and bring-your-own-device (BYOD) policies could be two reasons for the increase. Companies have had to accept that personal mobile devices are increasingly being used for professional purposes. However, it is important to remember that any mobile device – personal or corporate, managed or unmanaged, iOS or Android – is vulnerable to phishing attempts.

Smartphones and tablets have made it easier for employees to be productive from anywhere, but they've also brought new challenges for IT and security teams. BYOD policies mean more people than ever are using their personal devices for work. This means that the risks they face when using these devices for personal reasons also pose risks for the company. IT and security teams also have significantly less visibility into these devices than corporate-owned devices, meaning it's harder to control these heightened risks.

Targeted attacks on employees' personal devices

These factors mean that attackers are now targeting users' personal devices in order to penetrate corporate environments. An employee can fall victim to a social engineering attack through private channels such as social media, WhatsApp or email. Once that happens, attackers can gain access to the networks or data of the victim's employer. It's also not a one-off event, with Lookout data showing that by 2022, more than 50 percent of personal devices have been exposed to some form of mobile phishing attack at least once per quarter.

Millions are at stake

Data isn't the only thing companies risk when employees fall for a phishing scam. Lookout estimates that the maximum financial impact of a successful phishing attack has increased to almost $5.000 million for companies with XNUMX employees. Highly regulated industries such as insurance, banking and legal are considered the most lucrative markets and are particularly vulnerable to attacks due to the large amount of sensitive data they hold.

These high costs come at a time when phishing attacks are at an all-time high. Compared to 2020, the number of phishing attacks is now 10 percent higher on corporate devices and 20 percent higher on personal devices. Also, people are clicking on phishing links more often than they were in 2020, which could mean attackers are getting better at crafting authentic-looking messages. With more risk and more money at stake than ever before, organizations must adapt their security strategies to protect their data.

Protect data against mobile phishing threats

The mobile phishing landscape is more treacherous than ever, especially as remote working increases. IT and security teams must employ strategies that enable them to visualize, detect, and mitigate the data risks posed by phishing attacks across all employee devices. This applies regardless of whether the devices are company-owned or private. With the right strategy, based on the Zero Trust principle and SASE (Secure Access Service Edge), it is possible to make the hybrid working world secure.

“On-device and AI-powered phishing detection via a cloud-based security platform makes it possible to stop attacks where they start. A security solution like this prevents users from connecting to phishing websites on both corporate and personal devices,” said Sascha Spangenberg, Global MSSP Solutions Architect at Lookout. “Such a solution detects and blocks phishing attacks via any mobile app and prevents employees from revealing credentials or downloading malicious software. Protection against mobile phishing threats must be a priority if hybrid working is a reality.”



About Lookout

Lookout co-founders John Hering, Kevin Mahaffey, and James Burgess came together in 2007 with the goal of protecting people from the security and privacy risks posed by an increasingly connected world. Even before smartphones were in everyone's pocket, they realized that mobility would have a profound impact on the way we work and live.

