Hacking Office 365: This isn’t your grandma’s phishing email anymore

When we think of phishing, many of us recall the days of fuzzy scanned images of bank logos cobbled together in an email driving the user to an obviously fake site to “update account information.” And while some of those phishing exploits were sadly and tragically successful in separating victims from their money, they were generally easy to spot and delete before transferring the contents of your bank account to the darkest corners of the Internet.

But phishing attacks have not gone away, and today they are more sophisticated and targeted than ever, making them difficult for even the most savvy mobile users to spot.

Here’s a big reason why: For the most part, phishing exploits have abandoned the mass-generated emails. Those huge campaigns aren’t really necessary anymore because user credentials have become so easy to steal. Passwords continue to be the main source of data breaches in most companies. And yet, credential-based security is still all most companies use to protect access to apps and services like Office 365.

Unfortunately, once an employee’s credentials have been compromised, it’s incredibly easy to impersonate the user inside the organization, and even conduct multi-phase attacks within Office 365.

Of course, educating users about good security hygiene is important to help prevent passwords from being compromised in the first place. But today’s hackers are more sophisticated, innovative, and relentless than ever before, and it only takes one successful breach for the volume of attacks to cascade across your organization.

This isn’t news to MobileIron. We’ve been protecting against these kinds of threats since day one. Now we’ve ramped up our capabilities to protect against the latest Office 365 phishing exploits.

As part of a suite of new enterprise productivity and security enhancements, we’ve introduced new product capabilities that optimize security with mobile threat detection features that prevent phishing attacks via email, SMS texts, chat apps, and social media. We know it’s impossible to put all of the responsibility for security in the hands of end users. That’s why we put mobile-centric, zero trust security there too.

To learn more about our vision on enabling security in a zero trust environment and our latest product advancements, please join us at our premier customer events, MobileIron Live! 2019 Brooklyn and MobileIron Live! 2019 Berlin. These events are unlike traditional conferences — they offer a mix of real-time networking with your peers and top security decision makers, thought leadership, and hands-on learning. We look forward to seeing you soon.