Phishing attacks are on the rise — and what MobileIron is doing about it

Phishing attacks have come a long way since those mocked-up, fake bank emails (although those are still around, too). In fact, they have become so advanced that even cybersecurity professionals admit to falling for them.

Some phishing attacks trick users by attaching credible documents such as payment notices, invoices, or W-2 tax forms and then asking users to click on a link to enter their credentials. Other phishing attacks disrupt two-factor authentication (2FA) with man-in-the-middle attacks. These attacks overcome 2FA by enabling the attacker’s website to function as a proxy that forwards requests on the victim’s behalf to the legitimate website, such as a real banking website. Real-time responses are delivered, which allows the hacker to intercept the active session tokens that the real website associates with logged-in accounts. These tokens can then be placed inside a browser to allow the attacker to access those accounts at any time without the need to authenticate.

These are just a few examples of how advanced phishing attacks have become. Unfortunately, as enterprises have expanded everywhere, so have sophisticated phishing attacks. According to Verizon’s 2020 Data Breach Investigations Report, almost one-quarter (22%) of all data breaches involve phishing specifically. And mobile phishing attacks in particular are on the rise because hackers are taking advantage of the COVID-19 pandemic. Hackers are pretending to be IRS representatives, health-care providers, government officials and others, and increasingly sending people text messages with malicious links.

Why are mobile devices such appealing targets for phishing attacks? There are many reasons, but I’d say these are the top three: First, the physical size of a mobile device makes it very convenient to carry, but the small screen limits the amount of information viewable to the user. This can lead to regrettable clicks, and perhaps even unintentional sharing of login credentials or download of an exploit. Next, it’s extremely difficult to determine if a text message is authentic. Is an, “LOL… Check this out!” text with .bitly link actually from your colleague, or is it a smishing attempt (phishing via text) determined to trigger a domino effect that brings your organization to its knees? And finally, it’s also worth calling out the difficulty – or even inability - to review and compare multiple websites or data side-by-side on mobile devices so that more informed decisions can be made.

Combine each of these with the fact that users are often distracted when on mobile devices because they’re typically used while doing other things like walking, eating, and unfortunately, driving (which none of us should be doing!). This means that both technologically and psychologically, our defenses are down when we’re on mobile devices.

Hackers are exceptionally good at what they do. However, MobileIron is also exceptionally good at protecting and remediating against their attacks.

 

MobileIron provides complete mobile phishing protection

Protecting against this new wave of sophisticated phishing attacks requires a new multi-vector security approach that goes way beyond spam detection. MobileIron Threat Defense (MTD) is engineered to detect and remediate mobile threats, including phishing attacks, regardless of how they are delivered, whether through email, SMS, in-app browsers, messaging apps, or social media. In fact, only MobileIron makes it easy to ensure complete user adoption of anti-phishing protection because it is fully integrated with the MobileIron UEM client and controlled by IT.

This means it doesn’t matter if a user flakes out and forgets to update the device OS or security patches. It doesn’t even matter if the user has Wi-Fi or cellular connectivity. MTD keeps protecting the device (and your data) without any of these things. Here are the top ways MobileIron protects the “Everywhere Enterprise” from mobile phishing attacks:

  • MobileIron UEM serves as the foundation to enable a secure workforce and defend against mobile threats, including phishing attacks. MobileIron leverages a zero trust approach, which assumes bad actors are already in the network and secure access is determined by a “never trust, always verify” model.
  • With MTD, organizations can achieve 100% user adoption of on-device phishing detection and remediation. No user interaction is required to activate MTD on mobile devices that are enrolled in MobileIron UEM. This is remotely managed by IT departments. As a result, organizations ensure that on-device mobile threat detection and remediation is installed and updated on every device that accesses enterprise resources, all without impacting productivity.
  • Organizations can expand multi-vector anti-phishing protection to include cloud-based lookup. This enables organizations to control the balance between security and privacy.
  • To further reduce the risk of breaches, organizations can eliminate passwords with zero sign-on. The easiest way to eliminate the risk of stolen passwords is... to eliminate passwords. MobileIron’s zero sign-on (ZSO) capability enables a seamless, passwordless authentication experience that doesn’t require users to remember, update, or type in complex passwords. With ZSO, you get better security and a better experience for users whenever they access enterprise cloud services.

Please join me in learning more about MobileIron’s solution for complete mobile phishing protection in our three-part webinar series:

 

Part 1: Just Like That! Here’s How to Ensure 100% User Adoption for New MTD Multi-layered Anti-phishing!

  • Now available on demand (US session) – View here
  • Now available on demand (EMEA session) – View here

Part 2: How to Achieve Complete Mobile Phishing Protection

  • Now available on demand (US session) – View here
  • Now available on demand (EMEA session) – View here

Part 3: Expert Technical Insight and Step-by-Step Tutorial: How to Get the Most Out of MobileIron Threat Defense

  • Now available on demand (US session) – View here
  • Now available on demand (EMEA session) – View here

 

Brian Foster

Senior Vice President of Product Management

About the author

As SVP of Product Management, Brian is responsible for overseeing product direction and innovation. Brian brings more than 25 years of experience to his role. Prior to MobileIron, Brian founded a startup in the identity management space. Before that, he was SVP of information services at Neustar, the leader in identity resolution. At Neustar, Brian’s teams were responsible for solutions in marketing services, risk and fraud, registries, and security services. He also oversaw the product development and go-to-market operations. Prior to that, Brian was CTO at Damballa, a private company that discovered advanced threats running in enterprises and large internet service providers. As CTO, Brian was responsible for the advanced research, product strategy, and engineering operations.

Before Damballa, Brian was SVP of product management at McAfee. He oversaw McAfee's global product management functions and was responsible for over 80  enterprise and consumer products, generating more than $2B in revenue. Prior to joining McAfee, Brian was VP of product management at Symantec, where he oversaw product innovation for the enterprise endpoint. Brian has a BA in Economics from UCLA and completed the executive program in management from UCLA’s Anderson School of Management.