Forget phishing, now "mishing" is the new security threat to worry about

News
By
published

Mobile-first phishing is emerging as a major threat

mobile phone
(Image credit: Shutterstock / ImYanis)
  • Businesses are increasingly relying on mobile phones for key operations, and cybercriminals have spotted the shift
  • Hackers have adapted their methods, Zimperium report claims
  • Most phishing attacks are tailored for mobile phones

Phishing is “so 2020” - the threat to be worried about most right now is “mishing” a new report from Zimperium has claimed.

Mishing, a term coined by Zimperium, covers all sorts of mobile-first phishing techniques: Smishing (SMS/text-based phishing), Quishing (QR code phishing), voice phishing, Wi-Fi-based phishing (the so-called “Evil Twin” attack), and many others.

Zimperium says organizations are increasingly relying on mobile devices for business operations, including multi-factor authentication, mobile-first applications, and more, and cybercriminals are taking notice, tailoring their phishing attacks for mobile devices, successfully evading traditional anti-phishing measures designed for desktops.

Smishing, Quishing, and more

As a result, businesses urgently need to adopt mobile-specific security, Zimperium stresses.

Smishing, for example, is now the most common mobile phishing vector, accounting for 37% of attacks in India, 16% in the US, and 9% in Brazil. Quishing, on the other hand, is described as an emerging threat, with notable activity in Japan (17%), the US (15%), and India (11%). Furthermore, 3% of phishing sites use device-specific redirection, showing benign content on desktops while targeting mobile devices with phishing payloads.

Mishing activity peaked in August 2024, Zimperium added, with over 1,000 daily attack records.

“Mishing is not just an evolution of traditional mobile phishing tactics—it is an entirely new category of attack engineered to exploit the specific capabilities and vulnerabilities of mobile devices, such as cameras,” said Nico Chiaraviglio, Chief Scientist at Zimperium.

“Our research shows that attackers are increasingly leveraging multiple mobile-specific channels - including SMS, email, QR codes, and voice phishing (vishing) - to exploit user behaviors and expand their attack surface.”

Whatever you decide to call it, email-based phishing attacks remain the number one threat best eliminated by the use of common sense in the office.

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

More about security
Isometric demonstrating multi-factor authentication using a mobile device.

Google is ditching SMS - and will now use QR codes for Gmail account authentication
Android phone malware

Over 25 new malware variants created every single hour as smart device cyberattacks more than double in 2024
Qualcomm Dragonwing

Qualcomm unveils Dragonwing, the new name for its fight against Nvidia, Intel and AMD
See more latest