Cybersecurity firm Lookout is bolstering its mobile threat detection tool with new features designed to protect mobile device users from smishing and executive impersonation texts, two threats that are on the rise as smartphones and similar mobile systems become widely used in enterprises.
At the MSSP Alert Live event last week, the Boston-based company unveiled the advanced protection features for both iOS and Android devices in its updated Mobile Endpoint Security solution. The Executive Impersonation Protection tool identifies when text messages are sent from an unknown number that doesn’t match those used by an organization’s executive and then alerts the user.
The smishing – or SMS text phishing – feature flags messages that contain malicious links and alerts users to them.
In addition, Lookout’s Mobile Endpoint Security gives organizations visibility into coordinated smishing or executive impersonation attacks as they happen. In addition, there are also reporting capabilities in the security administrator’s console.
Mobile Devices Become Enterprise Tools
This comes as mobile devices have become essential tools for businesses, letting employees work from anywhere and access critical data, Eva-Maria Elya, vice president and global channel and MSSP at Lookout, told MSSP Alert. That said, there also are security risks that come with them, including phishing and data breaches.
“The wide use of mobile devices in the enterprise has been fueled by their ability to perform a multitude of tasks across various business areas, making them essential for modern organizations,” Elya said. “The convenience, simplicity, and power of mobile devices allow employees to stay productive from anywhere, whether they are using personal or company-issued devices.”
In addition, this shift to remote and hybrid work has fed this trend, and there is an increasing reliance on cloud productivity platforms, enabling seamless access to business data and apps from mobile devices.
Attacks on the Rise
Bad actors know this and are looking to take advantage. According to the Lookout’s latest Threat Landscape Report, in the second quarter, there was a 70% year-over-year increase in mobile phishing and malicious web content and a 40.4% jump in enterprise mobile phishing attempts and malicious web attacks.
Smishing is also on the rise. According to a report earlier this year by cybersecurity company Proofpoint, 75% of organizations experienced smishing attacks last year. According to Lookout’s Elya, threat actors also use smishing and social engineering in executive impersonation campaigns to trick employees into sharing sensitive information.
“This isn't entirely new, but the shift to mobile devices has made it easier for attackers to reach their targets quickly and discreetly,” she said. “These scams are quite effective because they exploit human vulnerability. Attackers often use these tactics to test an organization's defenses and identify employees who might fall for more advanced social engineering campaigns later.”
Exec Impersonation Threats
Scams impersonating CEOs and other executives also are being fueled by the rise of AI-based deepfake technologies that need only a few seconds of audio to be able to create entire sentences that sound like the person. Hackers also can use deepfake video, as proven earlier this year when an employee in the Hong Kong office of a high-profile British design and engineering company, believing they were in a video meeting with the CEO and other executives, was duped into sending $25 million to the fraudsters.
Also this year, password management firm LastPass said an employee almost was taken in by an audio deepfake that impersonated CEO Karim Toubba.
AI also plays a role in the text-based impersonation fraud that Lookout is addressing as well as the vendor’s protections against suspicious messages that may be part of such an attack.
“Lookout’s AI and machine learning technology can identify malicious and phishing content automatically,” Elya said. “This proactive approach helps mitigate threats before they can exploit human vulnerabilities.”
A key to the capabilities of Lookout’s solution is an AI-based dataset of more than 220 million devices, 325 million apps, and billions of web items, according to the company. The Lookout Security Cloud uses AI to analyze data and identify malware, phishing attacks, and similar network-based threats.