A new mobile phish is launched every 20 seconds. That’s more than 4,000 new attacks per day.
Users are 3x more likely to fall for phishing on mobile than desktop.
The average mobile user is 18x more likely to encounter a phishing attack than a malware attack.
Mobile has offered a powerful new access and distribution network for hackers to exploit. It has become the ideal channel for culprits to carry out malicious phishing attacks for the following reasons:
Most users don’t expect a phishing attack on their mobile devices. They are therefore much more likely to fall victim to social engineering.
Malicious phishing URLs tend to arrive over trusted channels like SMS, WhatsApp and other social sites and apps.
Smartphones have smaller screen real estate to assess spoofed URLs. Often URLs are altogether hidden such as in the case to the left.
Organizations are investing in user education to discourage employees from clicking on malicious phishing links that expose their information to malicious third parties.
Organizations have learned through experience that education is not enough. The human element leaves room for error and therefore, potential damage to the user and business.
Some companies use anti-spam solutions to block junk mail and phishing attacks from reaching employee inboxes.
Anti-spam solutions that block phishing attempts in e-mail are not adequate. These tools do not address phishing attacks that are distributed outside of email (e.g., in SMS or through social media apps).
App-based security solutions
App-only solutions can detect threats when the device is compromised or when malicious apps are installed. These solutions could allow users to submit questionable SMS messages.
More than 90% of phishing attacks are missed because they do not actually compromise the device or involve malicious apps. The vast majority of phishing attempts take place in the web browser or via apps, such as WhatsApp or Facebook. App-only solutions have zero visibility into phishing attacks that take place through these channels.
Wandera’s phishing protection is evolved
Zero-Day Phishing Intelligence
powered by MI:RIAM
Wandera is the only dedicated web gateway for mobile, operating directly in the pathway of mobile data.
The solution’s unique architecture allows it to sit between the device and the internet, giving it the ability to intercept traffic to phishing sites, whether initiated over SMS, instant messenger or social media applications.
MI:RIAM analyzes billions of mobile inputs each day using a wide range of data science techniques. When it comes to phishing, MI:RIAM has a proven industry-leading 98% efficacy of recognizing and proactively blocking mobile phishing attempts.
Most phishing sites are published online for only a few hours before hackers move to an entirely new hosting server. This allows them to evade detection and maintain an ongoing campaign without being detected and blocked.
The risk to users is highest in those first critical hours before third-party threat intelligence is updated. In this short window of time, your mobile devices are most vulnerable to newly published attacks.
This is why we have advanced MI:RIAM’s phishing detection algorithms with next-generation machine learning that proactively seeks out new phishing attacks that can be blocked before they hit their first ‘patient zero’.
MI:RIAM’s zero-day phishing algorithm is complex, and relies on a variety of input factors to determine if web content poses a risk to mobile users. Numerous points of data are analyzed and taken together to generate a risk score which ultimately determines if the page is flagged and blocked.
Not only that, but this component of MI:RIAM’s intelligence is continuously improving. As the algorithm successfully identifies more unique phishing attacks, sitting directly in the pathway of mobile data, it is able to learn more about the anatomy of the attack. This allows it to hone its technique as time goes on.
Just a few of the unique factors MI:RIAM’s phishing algorithm analyzes are detailed below:
“Beyond a unified endpoint management (UEM) security add-on, MTD is also used to address use cases such as mobile phishing, bring your own device, app vetting and compliance.”