Mobile phishing is the biggest unsolved cybersecurity problem facing enterprises today. The rate at which users are receiving and tapping Phishing URLs on their mobile device has grown by an average of 85% Year-over-Year since 2011. Lookout-exclusive research into mobile phishing has uncovered a number of malicious actors globally, including the state-sponsored group behind Dark Caracal that focused on mobile phishing to compromise over 600 phones in over 21 countries. Even Pegasus, the one-tap remote jailbreak exploit sold by cyber-arms dealer NSO group required the victim to tap a phishing message in an SMS. FrozenCell, xRAT, ViperRAT, SocialPath, and Xsser/mRAT are all mobile threats that start with phishing.