We talk a lot about malware, man-in-the-middle attacks and data leaks. These are important and widespread threats for anyone operating a mobile fleet, but one of the most overlooked but equally dangerous attacks is mobile phishing.
Years of hard work to defend businesses against email phishing have left many organizations complacent about phishing conducted over mobile apps, social media and other more novel approaches.
Research from the University of Texas identifies overconfidence in detecting phishing attacks as the primary reason that so many users fall victim to these kinds of attacks, with most people believing they are smarter than the actors responsible for the attack. Data from Proofpoint suggests that phishing attacks conducted over social media jumped by 500% in the final three months of 2016, representing a wider trend of hackers looking beyond desktop and beyond email when executing phishing attacks.
Known phishing URLs are distributed in all kinds of ways, but the research shows that gaming apps are the most popular choice for attackers, followed by email apps, sports and news/weather services.
How to combat mobile phishing
Tackling the mounting problem of mobile phishing is complex. The goalposts shift constantly and attackers are always on the hunt for new techniques to exploit. Blocking entire content categories of apps won’t always eliminate the problem.
Part of the solution must involve education: basic training around best practices for employee behavior is a must. It should include the principles of sensible communications practices, such as never clicking on links in unsolicited emails or links shared through mobile apps, and refraining from sharing credentials or personal information with anyone via any mobile channel, even in those apps you normally trust.
Even the best and most robust education programs will not solve the problem altogether. As any IT director will attest, eventually one employee will fall for a phishing campaign, which is no act of foolishness, considering the sophistication of modern attacks.
With this in mind, it is absolutely vital that you have a security solution in place that is able to monitor and intercept any traffic directed at phishing sites. As a fundamental technique in the hacker’s toolkit, phishing domains form the cornerstone of most attacks.
You can only control what you see
The unique multi-level architecture powered by Wandera, both on device and in the cloud, works in real time to provide insights into your mobile data that go beyond those of MDM or other security vendors. With a web gateway for mobile, you see more and can control more.