
BYOD Increases Mobile Phishing; Risks Have Never Been Higher


Stolen employee login credentials are one of the most effective ways for bad actors to infiltrate your organization’s infrastructure. Once they have the login information of one of your accounts in hand, it becomes much easier for them to bypass security measures and gain access to your sensitive data. 

So how do attackers get those login credentials? The answer in many cases is mobile phishing. Global data from Lookout found that in 2022, mobile phishing encounter rates were the highest they'd ever been, with one in three personal and enterprise devices being exposed to at least one attack every quarter. Even now in the first quarter of 2023, that trend is holding strong.

Hybrid work environments and bring-your-own-device (BYOD) policies may be two reasons for the uptick. Organizations have had to accept that personal mobile devices can be used for professional purposes. But you need to keep in mind that every mobile device (whether it's personal or corporate-owned, managed or unmanaged, iOS or Android) is susceptible to phishing attempts.

We've just published our Global State of Mobile Phishing report, which explores phishing trends and the risk they present to both your data and your financial bottom line — all grounded in the latest data from Lookout. This blog will give you a preview of the challenges organizations are facing as they try to protect their data from phishing attacks. 


How BYOD Has Changed the Phishing Landscape 

Smartphones and tablets have made it easier for employees to be productive from anywhere, but they've also introduced new challenges for IT and security teams.

BYOD policies mean that more people than ever are using their personal devices for work, and that means the risks they encounter while using those devices for personal reasons are also risks to the organization. IT and security teams also have significantly less visibility into these devices than they do into corporate-owned devices, meaning it's harder to manage these increased risks. 

It’s with these factors in mind that attackers now heavily target users' personal devices in order to infiltrate organizations. An employee may fall victim to a social engineering scheme from personal channels like social media, WhatsApp, or email, and once they do, attackers could gain access to their employers' networks or data. And this isn't a once-in-a-blue-moon event — Lookout data shows that in 2022, more than 50% of personal devices were exposed to some sort of mobile phishing attack at least once every quarter. 

Millions of Dollars on the Line 

Data isn’t the only thing you’re risking when you fall for a phishing scam. Lookout estimates that the maximum financial impact of a successful phishing attack has risen to nearly $4 million for organizations of 5,000 employees. Highly regulated industries like insurance, banking, and legal are seen as the most lucrative marks and are more likely to be targeted because of the vast amount of sensitive data they own. 

And these high costs are coming at a time when phishing encounter rates are at an all-time high. Compared to 2020, encounter rates are now 10% higher for enterprise devices and 20% higher for personal devices. And people are clicking on phishing links more often than they were in 2020, which could mean attackers are getting better at creating authentic-looking messages.  

With more risk and more money on the line than ever before, organizations have to adjust their security strategies to keep their data protected. 

Securing Your Data Against Mobile Phishing Threats 

The mobile phishing landscape is more treacherous than ever before, especially as work from anywhere becomes cemented. IT and security teams need to adopt strategies that enable them to visualize, detect, and minimize the data risks posed by phishing attacks across all employee devices, regardless of whether they're corporate-owned or personal.

To learn more about global phishing trends, how user behavior and attacker methods are evolving, and how you can protect your organization from mobile phishing attacks, check out this State of Mobile Phishing in 2023 webinar or download the full Lookout Global State of Mobile Phishing report.
