Phishing attacks are on the rise — and what MobileIron is doing about it
Phishing attacks have come a long way since those mocked-up, fake bank emails (although those are still around, too). In fact, they have become so advanced that even cybersecurity professionals admit to falling for them.
Some phishing attacks trick users by attaching credible documents such as payment notices, invoices, or W-2 tax forms and then asking users to click on a link to enter their credentials. Other phishing attacks disrupt two-factor authentication (2FA) with man-in-the-middle attacks. These attacks overcome 2FA by enabling the attacker’s website to function as a proxy that forwards requests on the victim’s behalf to the legitimate website, such as a real banking website. Real-time responses are delivered, which allows the hacker to intercept the active session tokens that the real website associates with logged-in accounts. These tokens can then be placed inside a browser to allow the attacker to access those accounts at any time without the need to authenticate.
These are just a few examples of how advanced phishing attacks have become. Unfortunately, as enterprises have expanded everywhere, so have sophisticated phishing attacks. According to Verizon’s 2020 Data Breach Investigations Report, almost one-quarter (22%) of all data breaches involve phishing specifically. And mobile phishing attacks in particular are on the rise because hackers are taking advantage of the COVID-19 pandemic. Hackers are pretending to be IRS representatives, health-care providers, government officials and others, and increasingly sending people text messages with malicious links.
Why are mobile devices such appealing targets for phishing attacks? There are many reasons, but I’d say these are the top three: First, the physical size of a mobile device makes it very convenient to carry, but the small screen limits the amount of information viewable to the user. This can lead to regrettable clicks, and perhaps even unintentional sharing of login credentials or download of an exploit. Next, it’s extremely difficult to determine if a text message is authentic. Is an, “LOL… Check this out!” text with .bitly link actually from your colleague, or is it a smishing attempt (phishing via text) determined to trigger a domino effect that brings your organization to its knees? And finally, it’s also worth calling out the difficulty – or even inability - to review and compare multiple websites or data side-by-side on mobile devices so that more informed decisions can be made.
Combine each of these with the fact that users are often distracted when on mobile devices because they’re typically used while doing other things like walking, eating, and unfortunately, driving (which none of us should be doing!). This means that both technologically and psychologically, our defenses are down when we’re on mobile devices.
Hackers are exceptionally good at what they do. However, MobileIron is also exceptionally good at protecting and remediating against their attacks.
MobileIron provides complete mobile phishing protection
Protecting against this new wave of sophisticated phishing attacks requires a new multi-vector security approach that goes way beyond spam detection. MobileIron Threat Defense (MTD) is engineered to detect and remediate mobile threats, including phishing attacks, regardless of how they are delivered, whether through email, SMS, in-app browsers, messaging apps, or social media. In fact, only MobileIron makes it easy to ensure complete user adoption of anti-phishing protection because it is fully integrated with the MobileIron UEM client and controlled by IT.
This means it doesn’t matter if a user flakes out and forgets to update the device OS or security patches. It doesn’t even matter if the user has Wi-Fi or cellular connectivity. MTD keeps protecting the device (and your data) without any of these things. Here are the top ways MobileIron protects the “Everywhere Enterprise” from mobile phishing attacks:
- MobileIron UEM serves as the foundation to enable a secure workforce and defend against mobile threats, including phishing attacks. MobileIron leverages a zero trust approach, which assumes bad actors are already in the network and secure access is determined by a “never trust, always verify” model.
- With MTD, organizations can achieve 100% user adoption of on-device phishing detection and remediation. No user interaction is required to activate MTD on mobile devices that are enrolled in MobileIron UEM. This is remotely managed by IT departments. As a result, organizations ensure that on-device mobile threat detection and remediation is installed and updated on every device that accesses enterprise resources, all without impacting productivity.
- Organizations can expand multi-vector anti-phishing protection to include cloud-based lookup. This enables organizations to control the balance between security and privacy.
- To further reduce the risk of breaches, organizations can eliminate passwords with zero sign-on. The easiest way to eliminate the risk of stolen passwords is... to eliminate passwords. MobileIron’s zero sign-on (ZSO) capability enables a seamless, passwordless authentication experience that doesn’t require users to remember, update, or type in complex passwords. With ZSO, you get better security and a better experience for users whenever they access enterprise cloud services.
Please join me in learning more about MobileIron’s solution for complete mobile phishing protection in our three-part webinar series:
Part 1: Just Like That! Here’s How to Ensure 100% User Adoption for New MTD Multi-layered Anti-phishing!
Part 2: How to Achieve Complete Mobile Phishing Protection
Part 3: Expert Technical Insight and Step-by-Step Tutorial: How to Get the Most Out of MobileIron Threat Defense
Brian Foster
Senior Vice President of Product Management