- Businesses are increasingly relying on mobile phones for key operations, and cybercriminals have spotted the shift
- Hackers have adapted their methods, Zimperium report claims
- Most phishing attacks are tailored for mobile phones
Phishing is “so 2020” - the threat to be worried about most right now is “mishing” a new report from Zimperium has claimed.
Mishing, a term coined by Zimperium, covers all sorts of mobile-first phishing techniques: Smishing (SMS/text-based phishing), Quishing (QR code phishing), voice phishing, Wi-Fi-based phishing (the so-called “Evil Twin” attack), and many others.
Zimperium says organizations are increasingly relying on mobile devices for business operations, including multi-factor authentication, mobile-first applications, and more, and cybercriminals are taking notice, tailoring their phishing attacks for mobile devices, successfully evading traditional anti-phishing measures designed for desktops.
Smishing, Quishing, and more
As a result, businesses urgently need to adopt mobile-specific security, Zimperium stresses.
Smishing, for example, is now the most common mobile phishing vector, accounting for 37% of attacks in India, 16% in the US, and 9% in Brazil. Quishing, on the other hand, is described as an emerging threat, with notable activity in Japan (17%), the US (15%), and India (11%). Furthermore, 3% of phishing sites use device-specific redirection, showing benign content on desktops while targeting mobile devices with phishing payloads.
Mishing activity peaked in August 2024, Zimperium added, with over 1,000 daily attack records.
“Mishing is not just an evolution of traditional mobile phishing tactics—it is an entirely new category of attack engineered to exploit the specific capabilities and vulnerabilities of mobile devices, such as cameras,” said Nico Chiaraviglio, Chief Scientist at Zimperium.
“Our research shows that attackers are increasingly leveraging multiple mobile-specific channels - including SMS, email, QR codes, and voice phishing (vishing) - to exploit user behaviors and expand their attack surface.”
Whatever you decide to call it, email-based phishing attacks remain the number one threat best eliminated by the use of common sense in the office.
You might also like
- Microsoft reveals more on a potentially major Apple macOS security flaw
- We've rounded up the best password managers
- Take a look at our guide to the best authenticator app
