Appdome, the mobile economy’s one-stop shop for mobile app defense, unveiled its new Social Engineering Prevention service on the Appdome Platform. The new service enables mobile brands to continuously detect, block and intervene the moment social engineering attacks attempt to exploit user trust or manipulate user behavior. The new service includes several new real-time defenses against voice phishing (vishing), remote desktop control, FaceID bypass, fake applications, and SIM swapping, all of which protect user safety, brand reputation, business continuity, and revenue generation.
“Social engineering attacks tend to go where users are most vulnerable and, right now, that includes the mobile app and device,” said Katie Norton, Research Manager of DevSecOps at IDC. “Mobile brands and their users face serious consequences when social engineering attacks are successful, so organizations need solutions that can help detect and prevent such attacks for their mobile applications.”
Social engineering attacks exploit brand trust by using impersonation and psychological manipulation to cause mobile users to divulge sensitive information, such as passwords, OTP keys, and more, perform actions in a mobile app on behalf of the attacker, or install new apps that give the attacker control over the user’s mobile device. Such mobile app attacks can have far-reaching consequences for consumers, including account takeover, financial loss, identity theft, confusion, and fear. Traditionally social engineering attacks were only discovered after an attack was successful, leaving mobile brands and users with months of financial, reputational, and emotional harm. Now, brands have the power of the first real-time solution to detect and intervene in social engineering attacks the moment they happen, disrupting the multi-billion-dollar social engineering fraud ecosystem.
“Mobile brands are taking social engineering attacks seriously,” said Tom Tovar, co-creator and CEO of Appdome. “The rise of AI-powered attacks is escalating the imperative to deliver real-time continuous protection from social engineering and other attacks. To fuel the long-term growth of the mobile app economy, we give brands the technology to detect each attack, maintain their voice and break the cycle of manipulation that sits at the center of social engineering attacks.”
Appdome’s Social Engineering Prevention empowers mobile brands to break the cycle of live attacks by detecting and defending in real time the top methods social engineering attackers use to injure brands and users:
- Voice Phishing (Vishing) Fraud: Uses behavioral analysis to detect when mobile end users’ activity in a mobile app coincides with a potentially malicious phone call, via attacks such as FakeCalls.
- Remote Desktop Control: Detects third-party applications, such as TeamViewer, used in social engineering attacks to remotely control mobile devices and applications.
- Biometric (FaceID) Bypass: Detects when an attacker attempts to spoof, fake or bypass biometric (facial) recognition in Android and iOS mobile apps, such as in GoldPickaxe.
- SIM Swapping: Detects when an attacker uses the mobile application with a replacement SIM card that the attacker controls.
- Admin-SU Profiles: Detects if the device has an MDM, admin-SU, or similar profile installed on the device, which could spy or control the user’s application.
- Trojan Apps: Prevent trojan apps, embedded with Malware such as FjordPhantom, used to spy on end users and gather data for social engineering attacks.
The new Social Engineering Prevention features can be deployed stand-alone or combined with any or all of Appdome’s 300+ other mobile app security, anti-fraud, anti-malware, geolocation compliance and other defenses. Together, Appdome makes it easy for mobile brands to unify mobile app defenses vs. the cost and complexity of cobbling together several disparate technologies to attempt to achieve a workable defense.
Like all of Appdome’s mobile app defenses, the new social engineering prevention features are available in several enforcement modes – in-app defense, in-app detection, and using Appdome’s Threat-Events™ in-app control framework. Threat-Events allows mobile brands to gather data on each attack, control the user experience and create beautiful on-brand mobile experiences when attacks happen. Mobile brands can use Threat-Events to leverage the power of their brand voice to break the cycle of a social engineering attack by restricting transactions, triggering SMS check-ins or educating users with in-app popups when threats are present. Mobile brands can track and monitor social engineering attacks via Appdome’s ThreatScope™ Mobile XDR, either before or after the deployment of social engineering prevention features.
“To win, you have to break the cycle of a social engineering attack as it happens,” said Chris Roeckl, chief product officer at Appdome. “Appdome’s Social Engineering Prevention service does just that – first we stop the technical means of application or device control the attackers use, and second, we provide telemetry and intelligence to the mobile app, giving the mobile brand the power to intervene, e.g. ‘Are you okay?’ when a threat is present.”
