Mobile Devices Are “The Last Mile” Of Phishing Attacks in the Everywhere Enterprise

Mobile phishing is a hot topic right now. It’s probably the subject that I get asked about the most frequently by customers and prospects. That’s because mobile devices are at the center of the Everywhere Enterprise and where “the last mile” of phishing attacks are taking place.

Mobile devices have become even more important and ingrained in everyone’s lives during the COVID-19 pandemic. Employees have their mobile devices with them everywhere, at every point in time. In addition to calling and texting others, employees are using their mobile devices to interact with a variety of cloud-based applications and services. For example, many businesses have equipped their remote workers with video conferencing, collaboration, and other business apps to ensure productivity.

Employees are using their mobile devices – and in many cases, their own unsecured devices – more than ever before to access corporate data and get work done. As a result, there’s a huge mobile security gap in the Everywhere Enterprise. And unfortunately, hackers are taking advantage of it by increasingly targeting mobile devices and applications with sophisticated phishing attacks. The FBI has warned of a rise in phishing attacks related to the COVID-19 pandemic, including business email compromise schemes, and urged users to verify information before taking any action – especially when using a mobile or handheld device.

And Twitter recently made headlines for falling victim to a phone spear-phishing attack, leading to the accounts of high-profile celebrities and world leaders being taken over to perpetrate a Bitcoin scam. Hackers leveraged social engineering to steal the credentials of Twitter employees who had permissions to use account management tools. The hackers then used those credentials to access Twitter’s internal systems, infiltrate high-profile Twitter accounts and send out Tweets that included links to a malicious website designed to steal Bitcoin, earning the hackers over $100,000 in a short amount of time.

So, why is it so easy to manipulate users on mobile devices? People interact with mobile devices much differently than they do with laptops and desktops. For example, the mobile user interface prompts users to take immediate actions, such as clicking on links or responding to messages, while limiting the amount of information available due to small screen size. That’s why being able to stop phishing attacks on mobile devices is incredibly important.

The good news is MobileIron recently introduced multi-vector mobile phishing protection for iOS and Android devices to help organizations secure “the last mile” of phishing attacks. MobileIron Threat Defense (MTD) now offers on-device and cloud-based phishing URL database lookup to detect and remediate phishing attacks across mobile threat vectors, including text and SMS messages, instant messages, social media and other modes of communication, beyond just corporate email.

Whether your organization supports corporate-owned or BYOD devices, MTD can protect those iOS and Android devices from phishing attacks waged at the device, network and application level. And perhaps best of all, there is no end user action required to deploy MTD on mobile devices that are enrolled in MobileIron’s unified endpoint management (UEM) client; this is remotely managed by IT departments. As a result, organizations can achieve 100% user adoption, and IT departments can achieve peace of mind knowing that their employees aren’t opting out of security protocols.

To learn more, register for a series of upcoming webinars or contact a MobileIron sales representative.

Alex Mosher

Alex Mosher

Global Vice President of Solutions

About the author

Alex Mosher, is Global Vice President, Solutions, at MobileIron. In his role, Mosher is responsible for MobileIron’s go-to-market plan and aligning mobile, security, and cloud solution strategy with execution.

Before joining MobileIron he spent 12 years at CA Technologies – responsible for CA's $1.4B+ cybersecurity business strategy and go-to-market plan. In his last role with CA Technologies, Alex was a global vice president responsible for all sales and go-to-market integration of CA's $612 million acquisition of Veracode, which was sold to Thoma Bravo just 16 months later for $965M.

Today, Alex leads a global team that works to develop and implement action plans that enable customers to take control of security, identities, access, and information across platforms and devices. As a 20-year information technology industry veteran, he has amassed hands-on experience in virtually every aspect of the business, including sales and marketing, development, and deployment services.