What does it look like when an iOS or Android device receives a phishing message with SEP Mobile installed and SMS message filtering enabled.
What does SEP Mobile phishing protection look like?
NOTE: Apple restricts SMS message analysis to only messages from unknown senders. The end user must enable SEP Mobile to filter their messages. SEP Mobile cannot centrally track in the Management Console if the end user has enabled this protection on their device. See Detection and protection against malicious SMS messages for more info about SEP Mobile SMS phishing protection and iOS limitations
SEP Mobile filters the message into the junk folder and the end user does not receive a notification that a message is received.
If the user opens their junk messages and clicks on the phishing link, the SRP VPN will not take action. XNDC (Unwanted Network Content) VPN will block the page if configured.
To verify the SMS phishing extension is enabled on the iOS device please see: SMS filter extension enabled
Here is the relevant app permission to allow SEP Mobile to View and Send SMS messages on Android (Settings > Apps > SEP Mobile > Permissions > SMS)
When a text containing phishing content is received, it is delivered to the user's standard text inbox, and is accessible to the user. However upon receipt SEP Mobile immediately generates an alert:
Here is the alert in the SEP Mobile app:
The SEP Mobile dashboard reflects that a Network Content Threat is active on the device due to the presence of the phishing message:
In the MC the Incident for this detection will also remain open until the text is deleted:
If the user tries to tap on the phishing URL an Unwanted Network Content alert is presented, and visiting the linked site is prevented.
Upon deletion of the text the Incident which was generated is closed.