ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

What should the expected action be on IOS and Android for phishing SMS messages

book

Article ID: 222974

calendar_today

Updated On:

Products

Endpoint Protection Mobile

Issue/Introduction

What does it look like when an iOS or Android device receives a phishing message with SEP Mobile installed and SMS message filtering enabled.

What does SEP Mobile phishing protection look like?

Environment

iOS

Android

 

Resolution

iOS Experience

NOTE: Apple restricts SMS message analysis to only messages from unknown senders. The end user must enable SEP Mobile to filter their messages. SEP Mobile cannot centrally track in the Management Console if the end user has enabled this protection on their device. See Detection and protection against malicious SMS messages for more info about SEP Mobile SMS phishing protection and iOS limitations

SEP Mobile filters the message into the junk folder and the end user does not receive a notification that a message is received.

If the user opens their junk messages and clicks on the phishing link, the SRP VPN will not take action. XNDC (Unwanted Network Content) VPN will block the page if configured.

To verify the SMS phishing extension is enabled on the iOS device please see: SMS filter extension enabled

Android Experience

Here is the relevant app permission to allow SEP Mobile to View and Send SMS messages on Android (Settings > Apps > SEP Mobile > Permissions > SMS)

When a text containing phishing content is received, it is delivered to the user's standard text inbox, and is accessible to the user.  However upon receipt SEP Mobile immediately generates an alert:

Here is the alert in the SEP Mobile app:

The SEP Mobile dashboard reflects that a Network Content Threat is active on the device due to the presence of the phishing message:

In the MC the Incident for this detection will also remain open until the text is deleted:

If the user tries to tap on the phishing URL an Unwanted Network Content alert is presented, and visiting the linked site is prevented.  

Upon deletion of the text the Incident which was generated is closed.  

 

 

Additional Information

Symantec Mobile Threat Defense: Prevent Mobile Phishing with Advanced URL Reputation

Configure phishing protection in Endpoint Protection Mobile

Attachments

Powered by Wolken Software