The hidden cyber risks in your pocket

Let’s do this together: the hidden cyber risks in your pocket

As part of Cybersecurity Awareness Month, we’ve partnered with Lookout to spotlight a growing risk for small and medium-sized businesses: the human risk factor. Cyber threats aren’t just technical. They’re personal. And they’re targeting people.

Mobile attacks are on the rise

Mobile devices are now essential to how we work, connect and manage our lives. But that convenience comes with risk. Attackers are increasingly exploiting human behaviour, curiosity, urgency and trust to launch phishing, smishing (SMS phishing), vishing (voice phishing) and even quishing (QR code phishing) attacks.

In just the first quarter of 2025, Lookout saw over a million mobile phishing attacks hit their users. These aren’t random. They’re targeted to trick specific people with valuable data and system access.

How everyday habits blur the lines

Flexible working and Bring Your Own Device (BYOD) policies are great for productivity, but they blur the lines between personal and professional life. One device often handles everything, including work emails, personal messages and social media. That overlap makes it easier for attackers to slip through.

For example, an employee is working remotely and receives a calendar invite on their personal device that appears to be from their manager. The invite includes a link to join a meeting, but the URL is subtly altered, perhaps using a lookalike domain like vodaf0ne.com instead of vodafone.com. Because the device is used for both work and personal tasks, and the invite blends into their usual workflow, the employee clicks without verifying. The link leads to a fake login page that captures their credentials.

On mobile devices, where previewing links and verifying sources is harder, attackers can bypass traditional security layers and reach users directly.

Practical steps to protect your business

• Empower your team: perhaps the most important action to take is to train employees to spot suspicious messages and links. Awareness is your first line of defence.

• Use smart tools: AI-powered tools like Lookout’s Smishing protection can detect and block threats before they reach your team.

• Secure every device: use strong passwords, biometrics and two-factor authentication. Keep devices and apps updated.

• Be app-savvy: only download apps from trusted sources. Review permissions and delete what’s not needed.

• Separate work from personal: use protected and isolated environments on a mobile device (also known as secure containers) where corporate data and applications can reside separately from personal data.

Stay ahead of evolving risks

Mobile threats are evolving fast, and attackers are using AI to make their campaigns more convincing. By understanding the risks and adopting smart habits, businesses can protect their people, technology, and data. Security does not have to be complicated; simple steps and the right tools can make a big difference.

Ready to take action? Watch our short video and follow Vodafone Business and Lookout for more tips, resources and expert advice throughout Cybersecurity Awareness Month.