Lookout Advances Mobile Phishing Protection Amidst Growing Enterprise Risk

‍San Francisco, CA - April 10, 2018 - Lookout, the global leader in securing mobility, today published a report that exposes the growing risk of phishing on mobile devices. In a study of Lookout users, more than half clicked mobile phishing URLs that bypassed existing security controls. Since 2011, Lookout has observed this mobile phishing URL click rate increase 85 percent year-over-year. To address this growing threat, Lookout also introduced today phishing & content protection to Lookout Mobile Endpoint Security.

“Mobile devices have eroded the corporate perimeter, limiting the effectiveness of traditional network security solutions like firewalls and secure web gateways,” said Aaron Cockerill, chief strategy officer at Lookout. “Operating outside the perimeter and freely accessing not just enterprise apps and SaaS, but also personal services like social media and email, mobile devices are rich targets for attack since they may lack enterprise security, but enable enterprise access and authentication.”

Phishing attacks are particularly effective on mobile devices because hidden email headers and URLs make it easy to spoof email addresses and websites while new vectors, including SMS and messaging apps, enable attackers to make their campaigns personal.

“It’s critical for enterprises to realize that when it comes to mobile devices, email is not the only phishing attack vector,” said Cockerill. “Attackers now take advantage of SMS, as well as some of today’s most popular and highly used social media apps and messaging platforms, such as WhatsApp, Facebook Messenger, and Instagram, as a means of phishing. Security professionals who overlook these new routes of attack put their organizations at risk.”

Mobile phishing 2018 report highlights
Mobile Phishing 2018: myths and facts facing every modern enterprise is the first mobile security report to provide these mobile phishing URL click rates, joining a growing body of research that establishes that most cyber attacks begin with phishing and people are more susceptible to phishing on mobile. The report analyzes data from more than 67 million mobile devices protected by Lookout since 2011. All data is anonymous, and no corporate data, networks, or systems were accessed to perform this analysis.

Highlights of Lookout's report include:

• Mobile phishing yields responses from most users - Fifty-six percent of Lookout users received and clicked on their mobile device a phishing URL that bypassed existing layers of phishing defense. Of those mobile users that clicked on a mobile phishing URL, they did so an average of six times per year.
• Mobile phishing is increasing - The rate at which Lookout users are receiving and clicking on phishing URLs on their mobile devices has grown year-over-year by a staggering 85 percent on average since 2011.
• Attack vectors made possible by mobility are highly effective - In one enterprise experiment, over 25 percent of employees clicked on a link in an SMS message from a phone number spoofed to look like one in their area.

Lookout enhances Mobile Endpoint Security with phishing & content protection
In order to combat the growing threat of mobile phishing, Lookout today introduced phishing & content protection to Lookout Mobile Endpoint Security. With Lookout, enterprises can now:

• Detect - Detect phishing attempts from any source on mobile devices, including email (corporate or personal), SMS, chat apps, social media, and more, and set policies to protect against phishing attempts.
• Protect - Block connections on mobile devices to known malicious URLs hosted on risky websites that may attempt to phish for credentials or perform other malicious acts.
• Remediate - Alert end-users at the actual time of URL access. This real-time alert prevents exposure to the phishing or malicious site.
• Analyze - Gain visibility into the frequency and severity of users clicking phishing and malicious links, as well as track whether or not devices have enabled phishing & content protection. Devices that do not have the feature enabled are marked as out-of-compliance allowing for typical enterprise remediation through integration to leading EMM vendors.

Lookout Mobile Endpoint Security was designed to provide comprehensive protection across the entire Spectrum of Mobile Risk, a framework illustrating the array of mobile risks across app, device, network, and web & content vectors. With more than a decade of experience in app, device, and network threats, by extending phishing protection to mobile, Lookout now addresses the web and content vector, one of the most prevalent ways attackers exfiltrate enterprise data.

To learn more about Lookout Mobile Endpoint Security, visit https://www.lookout.com/products/endpoint-security/mobile-endpoint-security.