Mobile Devices Are “The Last Mile” Of Phishing Attacks in the Everywhere Enterprise
Mobile phishing is a hot topic right now. It’s probably the subject that I get asked about the most frequently by customers and prospects. That’s because mobile devices are at the center of the Everywhere Enterprise and where “the last mile” of phishing attacks are taking place.
Mobile devices have become even more important and ingrained in everyone’s lives during the COVID-19 pandemic. Employees have their mobile devices with them everywhere, at every point in time. In addition to calling and texting others, employees are using their mobile devices to interact with a variety of cloud-based applications and services. For example, many businesses have equipped their remote workers with video conferencing, collaboration, and other business apps to ensure productivity.
Employees are using their mobile devices – and in many cases, their own unsecured devices – more than ever before to access corporate data and get work done. As a result, there’s a huge mobile security gap in the Everywhere Enterprise. And unfortunately, hackers are taking advantage of it by increasingly targeting mobile devices and applications with sophisticated phishing attacks. The FBI has warned of a rise in phishing attacks related to the COVID-19 pandemic, including business email compromise schemes, and urged users to verify information before taking any action – especially when using a mobile or handheld device.
And Twitter recently made headlines for falling victim to a phone spear-phishing attack, leading to the accounts of high-profile celebrities and world leaders being taken over to perpetrate a Bitcoin scam. Hackers leveraged social engineering to steal the credentials of Twitter employees who had permissions to use account management tools. The hackers then used those credentials to access Twitter’s internal systems, infiltrate high-profile Twitter accounts and send out Tweets that included links to a malicious website designed to steal Bitcoin, earning the hackers over $100,000 in a short amount of time.
So, why is it so easy to manipulate users on mobile devices? People interact with mobile devices much differently than they do with laptops and desktops. For example, the mobile user interface prompts users to take immediate actions, such as clicking on links or responding to messages, while limiting the amount of information available due to small screen size. That’s why being able to stop phishing attacks on mobile devices is incredibly important.
The good news is MobileIron recently introduced multi-vector mobile phishing protection for iOS and Android devices to help organizations secure “the last mile” of phishing attacks. MobileIron Threat Defense (MTD) now offers on-device and cloud-based phishing URL database lookup to detect and remediate phishing attacks across mobile threat vectors, including text and SMS messages, instant messages, social media and other modes of communication, beyond just corporate email.
Whether your organization supports corporate-owned or BYOD devices, MTD can protect those iOS and Android devices from phishing attacks waged at the device, network and application level. And perhaps best of all, there is no end user action required to deploy MTD on mobile devices that are enrolled in MobileIron’s unified endpoint management (UEM) client; this is remotely managed by IT departments. As a result, organizations can achieve 100% user adoption, and IT departments can achieve peace of mind knowing that their employees aren’t opting out of security protocols.