TechSpective Podcast

When the Phish Leaves the Inbox
For years, phishing has been the king of cyberattacks. It’s simple, cheap, and it works. Most of us have learned to spot the obvious red flags in email—strange senders, misspelled domains, suspicious links. But the threat has started to evolve. And it’s moving to places where we’re far less prepared. Think about how you handle email versus text messages. With email, you might let a dozen questionable messages pile up before sorting through them. You scan headers, hover over links, and delete anything that feels off. With text messages, though, the reaction is different. You hear the notification, glance down, and reply almost instantly. That’s human nature. Attackers know it. And they’re exploiting it. In the latest episode of the TechSpective Podcast, I sat down with Jim Dolce, CEO of Lookout, to talk about what this shift means for cybersecurity. Lookout has spent years protecting mobile devices, but its newest focus takes aim at a very different attack surface: us. Instead of guarding the machine, the challenge now is guarding the human behind it. We explore why the human layer is such an irresistible target for attackers. Email filters and security gateways have raised the bar, but SMS, messaging apps, voice calls, and even QR codes remain wide open. And unlike email, where skepticism has become second nature, people are far more trusting when a text or call comes through on their phone. That trust—combined with distraction and urgency—makes mobile messaging a perfect delivery channel for scams. Jim explains how these “omnichannel” attacks are multiplying. Smishing (SMS phishing), vishing (voice phishing), and quishing (QR code phishing) may sound like buzzwords, but they’re real and growing fast. Each relies on the same core weakness: our willingness to believe and respond without hesitation. Of course, the obvious question is what to do about it. Traditional defenses aren’t built for this world. There’s no email gateway to filter your texts. Caller ID can be spoofed. QR codes can be swapped. It requires a different way of thinking about security—one that accounts for the psychology and behavior of people, not just the vulnerabilities of machines. That’s where AI enters the picture. Jim and I discuss how large language models can analyze the context and intent of a message, spotting subtle cues that humans might miss. It’s not just about catching malicious links anymore. It’s about recognizing when a message is crafted to spark an emotional response—whether that’s urgency, fear, or curiosity. The idea is to give people an early warning before they engage. We also touch on the balance between privacy and protection. For any AI system to work, it needs data to learn from. But nobody wants their personal messages sitting in some company’s training set. How that tension gets resolved could make or break adoption of these kinds of solutions. The bigger takeaway from the conversation is that we’re at an inflection point. Cybersecurity has always evolved alongside attackers, but the ground is shifting. As threats move beyond the inbox and onto the devices we rely on most, defenses have to follow. That means new technologies, yes, but it also means rethinking the role of people in their own security. I won’t spoil the details of how Lookout is approaching this challenge—you’ll have to listen to the episode for that. But I will say this: the days of thinking of phishing as an “email problem” are over. The frontlines have moved. And if you haven’t thought about what that means for you, your employees, or your business, now is the time. Listen to the full conversation on the TechSpective Podcast to hear where phishing is headed next—and how security needs to catch up.