Another method for mobile phishing is the use of similar-looking iconography and keywords, giving fraudulent applications the appearance of legitimacy. Often these applications are available on non-mainstream application markets. The consistent look and feel makes it difficult for users to differentiate between legitimate and malicious applications.

Implications to your organization

#1 - Security of your organization

With the prevalence of BYOD, employees can install applications on their devices from a variety of sources. If a user is fooled into installing a malicious application on their device, it can expose your organization to theft of credentials and sensitive information. Additionally, malicious apps masquerading as legitimate ones may have access inside your corporate firewall, potentially compromising your network.

#2 - Security of your customers

Your customers may be at risk. A customer fooled into installing a fake application may provide sensitive banking information or credit card information under the belief they are doing secure business with your organization. This can potentially have serious consequences for them in terms of financial losses and identity theft.

What can you do?

Education - Education about the existence of phishing and how to identify it is by far the most important step in preventing and mitigating phishing attacks, mobile or otherwise. Users should be aware of what to look for to differentiate legitimate applications from fraudulent ones.

Password best practices - To limit the reach of a phishing attack, security best practices around password re-use and management may contain the damage an attacker can do.

Detect and remove malicious apps - You need to scan for and detect malicious applications on your users’ devices. Once identified, these applications can be blacklisted or removed through the use of EMM policies.

Monitor the wild - To protect your customers and your company's reputation, you need to monitor application marketplaces for fraudulent or repackaged applications masquerading as your company's legitimate apps.
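One way to triage marketplace listings for the "Monitor the wild" step, as an added example that is not from this article or the RECON platform. It assumes a crawler supplies each listing's name, package id, signing-certificate SHA-256 and store; comparing signers is an assumption of this sketch, and every value below is a constructed placeholder.

```python
import unicodedata
from difflib import SequenceMatcher

# Assumed reference data for the legitimate app (constructed placeholder values).
OFFICIAL = {"name": "Example Bank", "package": "com.examplebank.mobile",
            "signer_sha256": "AA" * 32}
OFFICIAL_STORES = {"play.google.com"}
NAME_THRESHOLD = 0.8  # assumed similarity cut-off; tune against your own listings


def normalize(name):
    """Fold case, strip accents and punctuation so 'Exämple-Bank' ~ 'examplebank'."""
    decomposed = unicodedata.normalize("NFKD", name)
    ascii_only = decomposed.encode("ascii", "ignore").decode()
    return "".join(ch for ch in ascii_only.lower() if ch.isalnum())


def name_similarity(a, b):
    """Ratio in [0, 1] between two normalized app names."""
    return SequenceMatcher(None, normalize(a), normalize(b)).ratio()


def triage(listing):
    """Return the reasons a marketplace listing deserves analyst review."""
    reasons = []
    same_package = listing["package"] == OFFICIAL["package"]
    same_signer = listing["signer_sha256"] == OFFICIAL["signer_sha256"]
    similar = name_similarity(listing["name"], OFFICIAL["name"]) >= NAME_THRESHOLD
    if same_package and not same_signer:
        reasons.append("repackaged: official package id, different signer")
    elif similar and not same_signer:
        reasons.append("lookalike: similar name, different signer")
    if same_signer and listing["store"] not in OFFICIAL_STORES:
        reasons.append("unofficial store: genuine build redistributed")
    return reasons


# Constructed sample listings, shaped as a marketplace crawler might report them.
LISTINGS = [
    {"name": "Example Bank", "package": "com.examplebank.mobile",
     "signer_sha256": "AA" * 32, "store": "play.google.com"},
    {"name": "Example Bank", "package": "com.examplebank.mobile",
     "signer_sha256": "BB" * 32, "store": "apps.thirdparty.example"},
    {"name": "Examp1e-Bank", "package": "com.examp1ebank.app",
     "signer_sha256": "CC" * 32, "store": "apps.thirdparty.example"},
    {"name": "Weather Now", "package": "com.weathernow.app",
     "signer_sha256": "DD" * 32, "store": "apps.thirdparty.example"},
]

if __name__ == "__main__":
    for item in LISTINGS:
        print(item["name"], item["store"], triage(item) or "ok")
```

Listings that come back with reasons are candidates for review and takedown requests; the threshold only ranks names, so the signer comparison is what separates a rebranded genuine build from a fake.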

Our RECON Platform is designed to continuously monitor and detect repackaged apps and fraudulent use of brand assets on your behalf. Learn more about Brand Protection or check out RECON live in our Threat Center.