According to Data Breach Today, “fraudsters are mimicking automated messages from Microsoft SharePoint for a phishing campaign that attempts to steal Office 365 credentials.”
The malicious emails reached about 50,000 inboxes so far, and the campaign may still be active, per Abnormal Security, the company that identified the phishing campaign.
While learning of yet another phishing campaign is not breaking news – – afterall, more than 90 percent of breaches begin with phishing – – targeting an enterprise solution is certainly noteworthy. As important, understanding that to properly detect and protect all endpoints from phishing, mobile devices must be addressed.
The reality is, mobile devices are the ultimate endpoints and must be protected.
Fortunately, Zimperium’s patented, machine learning-based engine that we call z9, runs completely on-device, immediately identifies even brand new phishing attempts – including this one – and protects the user and their privacy without sending any data to the cloud. z9 works independently of where the attack is coming from, meaning Zimperium customers are protected regardless of the delivery method used by an attacker (SMS, email, WhatsApp, Messenger, etc.,) or even user misbehavior (a user clicking on a phishing link while browsing).
As a matter of fact, the recent “Key Criteria for Evaluating Phishing Protection Platforms” from GigaOm provides an overview on the different solutions available, and includes Zimperium – – the only mobile phishing solution that met the criteria to be profiled.
In the report, GigOm says, “Zimperium’s focus in this space is well-founded, and their approach, which protects privacy and provides a broad spectrum of coverage, should be in every SOC’s toolbox and on their radar.”
GigaOm goes onto state:
- In the phishing prevention ecosystem, Zimperium’s approach enables them to deploy on BYOD or managed systems. It gives them an edge with regard to broad coverage that includes not only enterprise email, but all email on the device as well as messaging while maintaining user privacy;
- Because of their concept, they’re able to cover more ground than traditional phishing prevention platforms on mobile devices; and
- They put much of their R&D into understanding what sort of behaviors and changes indicate not only phishing attacks but compromised devices, network attacks and malicious apps.
If you’d like to learn how to secure your mobile devices from phishing attacks, please contact us. We are here to help.