Mobile phishing – same attacks – different hooks

Fraud Alert:

I spent the last two weeks talking with CISOs, application developers, mobility experts and IoT thought leaders like SRI’s Dr. Ulf Lindqvist. One thing was for certain – mobile is receiving a lot of attention from the enterprise.

Considerations voiced ranged from device and application management to security of mobile apps and IoT devices. EMM, MAM and MDM were talked about as a part of the solution. But security solutions were generally perceived as lacking. Just a few years ago, few people thought that these mobile, consumer devices would be so powerful and pervasive, or that they would change enterprise security so fundamentally.

Now mobility professionals are working cooperatively with security professionals, much like the way WAF brought together web application developers and security professionals. Just as with WAF, there can be a steep cooperation curve in many organizations trying to bring these two disparate groups together. A lack of symbiotic mutualism often leads to poorly secured applications that are developed in-house and poor security around third-party applications, both of which are being implemented for internal enterprise use and for customer-facing solutions.

From a security perspective, there are growing concerns around areas like pharming and malware. Protection of data at rest and data in transit is also a familiar consideration, as are session hijacking protection, man-in-the-middle protection and anti-debugging. But one item that came up time and time again was phishing, and the fact that phishing is a bit different for mobile compared with traditional browser and email-based phishing.