MI:RIAM is not a static mobile intelligence engine. Our Data Science team works day and night to evolve and advance MI:RIAM’s capabilities, focusing on the latest trends and techniques in machine learning.

This landmark enhancement to MI:RIAM has come in the way of a complete revitalization of the engine’s phishing detection and prevention capabilities. We’re thrilled to finally announce that zero-day phishing protection, powered by MI:RIAM is now in place for Wandera’s security customers.

Wandera’s zero-day phishing detection monitors suspicious URLs in real-time, capturing insights immediately after a new domain has been registered. This method of continual monitoring places MI:RIAM above traditional detection techniques that rely on scraping databases at regular intervals, often blocking threats after an attack has had the opportunity to take place.


Phishing: the #1 mobile threat

It shouldn’t surprise anyone that phishing is undoubtedly the most prevalent and severe mobile threat affecting organizations today. When thinking about the most severe mobile threats, what immediately comes to mind for most is malware. Though malware is undoubtedly a major concern for corporate devices, our data indicates that the average mobile user is 18x more likely to encounter a phishing attack than a malware attack.

Mainstream news stories of large scale and advanced phishing attacks have made it clear that phishing isn’t what it used to be. The attacks are becoming increasingly sophisticated and difficult to detect. It’s also becoming apparent that hackers are learning the best medium for phishing attacks. With more than 50% of all Internet traffic coming from mobile devices, attackers have turned their attention to mobile employees and the myriad of communications apps they use.

And it’s not just because of the increased usage. Mobile has become the ideal channel for culprits for a number of reasons. The first of which is that most users don’t expect a phishing attack on their mobile devices. Users are trained to look out for phishing attacks over e-mail but tend to feel safe on their phones.They are therefore much more likely to fall victim to social engineering.

Malicious phishing URLs are now arriving over trusted channels like SMS, WhatsApp and other social media sites and apps. Because these apps and websites are so ingrained in employees day-to-day mobile life, they simply don’t think that malicious URLs could be sent to them from their friends on Facebook, for example.


Lastly, mobile does a great job of hiding malicious URLs due to limited screen real estate. A lot of the time, hackers are registering familiar domains, or even subdomains that don’t look like phishing upon first glance. When the end of URL is cut off in the browser pane, mobile users have a much more difficult time deciphering if the page is in fact real. Take our phishing quiz to test your detective skills.

All of this culminates in the fact that users are 3x more likely to fall for phishing attacks on mobile vs. desktop. That’s a huge risk factor for your mobile estate that needs to be recognized and protected against.

Incomplete protection

Many services have tried to combat this threat category with limited success. For example, employee training services have emerged to discourage employees from clicking on malicious phishing links that expose their information to third parties. What organizations have discovered however is that education is not enough. The human element of the equation leaves room for error and therefore potential damage to the user and business.

Anti-spam/phishing services are also available on the market. Most of these solutions operate over email to block spam-type messages and delete them immediately to prevent them from reaching employees’ inboxes. These solutions are not inadequate whatsoever. They simply just do not address phishing attacks that are distributed outside of e-mail.

There are also a number of app-based security solutions that are attempting to guard devices against phishing attacks. App-only solutions are designed to detect threats when the device is compromised or when malicious apps are installed. More than 90% of phishing attacks are missed on app-only solutions because they do not actually compromise the device or involve malicious apps. The vast majority of phishing attempts take place in the web browser or via apps, such as WhatsApp or Facebook. App-only solutions have zero visibility into phishing attacks that take place through these channels.

Zero-Day Phishing Intelligence: powered by MI:RIAM

It’s the unique architecture that Wandera posses that enables us to implement zero-day phishing detection and protection through MI:RIAM. Our cloud gateway for mobile sits directly in line of mobile traffic, allowing us to monitor this traffic and in real-time detect any anomalies or malicious activity.

This means, if MI:RIAM, through her learning algorithm flags a URL or traffic as phishing or originating from a command and control server, she not only notifies admins through RADAR, but she can block this traffic in real time This ensures sensitive data is not exfiltrated from the device, even if the user is fooled by a social engineering scheme.

Currently MI:RIAM has a 98% efficacy rating when it comes to detecting phishing pages, demonstrating the effectiveness of our data science technology. If you know us by now however, you’ll know we’re never satisfied with the status quo. We took MI:RIAM’s machine learning algorithm further to become more effective at recognizing zero day threats.

The evolution

Today, most phishing sites are published online for only a few hours before hackers move to an entirely new hosting server. This allows them to evade detection and maintain an ongoing campaign without being detected and blocked. The risk to users is highest in those first critical hours before third-party threat intelligence is updated. In this short window of time, your mobile devices are most vulnerable to newly published attacks.

This is why we have advanced MI:RIAM’s phishing detection algorithms with next-generation machine learning that proactively seeks out new phishing attacks that can be blocked before they hit their first ‘patient zero’.

MI:RIAM’s zero-day phishing algorithm is complex, and relies on a variety of input factors to determine if web content poses a risk to mobile users. Numerous points of data are analyzed and taken together to generate a risk score which ultimately determines if the page is flagged and blocked.

Not only that, but this component of MI:RIAM’s intelligence is continuously improving. As the algorithm successfully identifies more unique phishing attacks, sitting directly in the pathway of mobile data, it is able to learn more about the anatomy of the attack. This allows it to hone its technique as time goes on.

Just a few of the unique factors MI:RIAM’s zero-day phishing algorithm analyzes are detailed below:


Registration date

When was the domain registered?

Host Reputation

Is the host one that is has previously been known to host malware or other malicious content?

Traffic Volume

Has there been there low or high traffic to the page?

Domain details

Who owns the domain? What other domains are they associated with?

Keywords & brand names

Does the URL or webpage contain a popular brand name or keyword?


How long is the URL? How many unique characters does it have?

Content Similarity

How similar is the page/URL to others that it may be trying to replicate? Get MI:RIAM’s zero-day phishing intelligence working for you. Our mobility experts are ready and willing to show you what this new detection and prevention capability can do for your organization.

Mobile Phishing Report 2018

Phishing sites morph, evolve and redirect by the second – allowing hackers to alternate their techniques. Learn more about the mobile phishing threat landscape.

Download now