Lookout advances defensive capabilities against executive impersonation and SMS phishing
Lookout Inc. today announced new features for its Mobile Threat Defense (MTD) solution, Lookout Mobile Endpoint Security. These advancements provide comprehensive protection against two fast-growing advanced social engineering tactics: smishing (SMS phishing) and executive impersonation fraud texts.
Mobile devices are now the cornerstones of enterprise productivity, collaboration, communication, and cloud identity verification. But as the initial targets in the modern kill chain, they have also become prime targets for social engineering attacks that trick employees into sharing login credentials or sensitive data in cloud apps. According to the most recent Lookout Threat Landscape Report, in Q2 2024 there was a 70% YOY increase in mobile phishing and malicious web content and a 40.4% uptick in enterprise mobile phishing attempts and malicious web attacks.
Every day, mobile device users encounter text messages that seem harmless at first glance—until it’s too late. A single tap by an employee can immediately compromise an entire organization. One common executive impersonation scheme of late is CEO fraud, a social engineering tactic where attackers impersonate CEOs and other high-level executives via text to manipulate employees into sharing sensitive data, divulging passwords, or transferring funds. These smishing attacks are unique because they rarely include a link—the bad actors expect the employee to engage with them via text.
Lookout Mobile Endpoint Security’s new Smishing and Executive Impersonation Protection features for iOS and Android provide a critical layer to the modern defense-in-depth security strategy with proactive protections against social engineering and executive impersonation attacks.
The proactive design of these new features flags suspicious messages before employees can engage with them, significantly reducing the risk of a successful attack by the threat actor.
- Executive Impersonation Protection: Threat actors use tools such as sales prospecting and social networking apps to gather phone numbers and organizational structures, targeting employees with phishing texts posing as senior executives. Lookout's Executive Impersonation Protection proactively protects against these attacks by identifying and blocking text messages from unknown phone numbers that do not match those of an organization's executives.
- Advanced Smishing Protection: Lookout is the first MTD solution that proactively and immediately notifies end users when they receive a message that contains a malicious link on both iOS and Android. In addition to the proactive smishing protections, Lookout will block any URL that is tapped on in any application with its phishing and content protection.
- Admin Visibility and Reporting: Lookout Mobile Endpoint Security provides timely visibility into coordinated smishing or executive impersonation attacks as they occur, along with reporting capabilities within the security admin’s console. Watch this video for more information.
“Mobile devices play a pivotal role in the enterprise because they enable remote access to cloud apps and data. When left vulnerable to phishing and social engineering attacks, they expose a critical weakness within any organization,” said Mike Jude, Research Director, Endpoint Security, IDC. “Cybersecurity has primarily focused on defense, but there’s a noticeable shift from a reactive stance to a more favorable, proactive/offensive approach that emphasizes detection and blocking. With Lookout’s new Smishing and CEO Fraud Protection features, customers can now proactively detect and defend against executive impersonation and smishing attacks across all iOS or Android devices, while administrators gain real-time visibility into targeting attempts to safeguard data and operations.”
“In recent conversations with customers and industry analysts, we’ve been told that smishing and executive impersonation are two of the most frustrating security challenges to deal with,” said Firas Azmeh, President, Mobile Endpoint Security, Lookout. “Knowing your organization is under attack from a targeted threat is critical for today’s security teams, so by combining all three of these solutions into one release, we’re helping our customers know as soon as their employees are being targeted en masse so they can prevent phishing incidents, mitigate damage, and protect organizational data.”
Backed by a mobile threat intelligence team, Lookout offers a defense-in-depth approach to cybersecurity that is designed to protect an organization’s data against the modern kill chain. With a large database of threat telemetry, Lookout has a deep understanding of mobile and cloud threats.
The Lookout Security Cloud is an ever-growing AI-driven mobile dataset of more than 220 million devices, 325 million apps, and billions of web items. The Lookout Security Cloud has identified 465 million phishing and malicious sites since 2019. In addition, it leverages AI to analyze data and identify malware, phishing attacks, and other sophisticated network-based threats.
Lookout Mobile Endpoint Security is the industry’s most advanced Mobile Threat Defense solution to deliver mobile endpoint detection and response (Mobile EDR). Lookout provides visibility into mobile threats and state-sponsored spyware while also protecting against mobile phishing and credential theft that can lead to unauthorized access to sensitive corporate data. Lookout is FedRAMP JAB P-ATO authorized and available through CDM DEFEND, trusted by enterprise and government customers to protect sensitive data, enabling the workforce to connect freely and safely from any device.
Additional Resources:
- Learn more about Lookout Mobile Endpoint Security.
- Listen and subscribe to Security Soapbox, the Lookout podcast covering privacy, security, and everything in between.
- Follow Lookout on its blog, LinkedIn, and X.