Forget phishing, now "mishing" is the new security threat to worry about

News
By published

Mobile-first phishing is emerging as a major threat

mobile phone
(Image credit: Shutterstock / ImYanis)
  • Businesses are increasingly relying on mobile phones for key operations, and cybercriminals have spotted the shift
  • Hackers have adapted their methods, Zimperium report claims
  • Most phishing attacks are tailored for mobile phones

Phishing is “so 2020” - the threat to be worried about most right now is “mishing” a new report from Zimperium has claimed.

Mishing, a term coined by Zimperium, covers all sorts of mobile-first phishing techniques: Smishing (SMS/text-based phishing), Quishing (QR code phishing), voice phishing, Wi-Fi-based phishing (the so-called “Evil Twin” attack), and many others.

Zimperium says organizations are increasingly relying on mobile devices for business operations, including multi-factor authentication, mobile-first applications, and more, and cybercriminals are taking notice, tailoring their phishing attacks for mobile devices, successfully evading traditional anti-phishing measures designed for desktops.

Smishing, Quishing, and more

As a result, businesses urgently need to adopt mobile-specific security, Zimperium stresses.

Smishing, for example, is now the most common mobile phishing vector, accounting for 37% of attacks in India, 16% in the US, and 9% in Brazil. Quishing, on the other hand, is described as an emerging threat, with notable activity in Japan (17%), the US (15%), and India (11%). Furthermore, 3% of phishing sites use device-specific redirection, showing benign content on desktops while targeting mobile devices with phishing payloads.

Mishing activity peaked in August 2024, Zimperium added, with over 1,000 daily attack records.

“Mishing is not just an evolution of traditional mobile phishing tactics—it is an entirely new category of attack engineered to exploit the specific capabilities and vulnerabilities of mobile devices, such as cameras,” said Nico Chiaraviglio, Chief Scientist at Zimperium.

“Our research shows that attackers are increasingly leveraging multiple mobile-specific channels - including SMS, email, QR codes, and voice phishing (vishing) - to exploit user behaviors and expand their attack surface.”

Whatever you decide to call it, email-based phishing attacks remain the number one threat best eliminated by the use of common sense in the office.

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
Close up of a business person using a smartphone.
Watch out, malicious PDF files are being used again in phishing attacks
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Everything you need to know about phishing
An iPhone sitting on a wooden table
Millions at risk as malicious PDF files designed to steal your data are flooding SMS inboxes - how to stay safe
Malware worm
Coordinated global mobile malware campaign targets banking apps and cryptocurrency platforms
Fraude en ligne phishing
Phishing clicks nearly tripled in 2024 as criminals aim for smarter attacks
Best email services: image of email with one unread message alert
Over 400 million unwanted and malicious emails were received by businesses in 2024
Latest in Security
AI tools.
Not even fairy tales are safe - researchers weaponise bedtime stories to jailbreak AI chatbots and create malware
An Android phone being held in the hand
These malicious Android apps were installed over 60 million times - here's how to stay safe
ransomware avast
Billions of credentials were stolen from businesses around the world in 2024
Avast cybersecurity
An unpatched Windows zero-day flaw has been exploited by 11 nation-state attackers
ID theft
Hackers claim Orange attack, threaten to leak 1TB of data
A computer file surrounded by red laser beams
Free online file converters could infect your PC with malware, FBI warns
Latest in News
Student sat at a desk with a laptop in a dormitory looking at a mobile phone
Windows 11 could eventually help you understand how fast your PC is - as well as offer tips for making your PC or laptop faster for free
Veresa attacks an enemy in Genshin Impact.
Genshin Impact Version 5.5 arrives next week, adding a new five star character obsessed with food
Google Pixel 9a
Google just launched the Pixel 9a – and I reckon it embarrasses the iPhone 16e
AI tools.
Not even fairy tales are safe - researchers weaponise bedtime stories to jailbreak AI chatbots and create malware
Adobe Firefly
Adobe launches game-changing GenAI tools for video editing
Amrit Kaur and Reneé Rapp in The Sex Lives of College Girls.
Max cancels The Sex Lives of College Girls but the hit HBO show might find a new streaming home elsewhere
More about security
AI tools.

Not even fairy tales are safe - researchers weaponise bedtime stories to jailbreak AI chatbots and create malware
Avast cybersecurity

An unpatched Windows zero-day flaw has been exploited by 11 nation-state attackers
A person holding out their hand with a digital AI symbol.

How to support vulnerable customers as a technology leader
See more latest
Most Popular
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Thursday, March 20 (game #382)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Thursday, March 20 (game #648)
Quordle on a smartphone held in a hand
Quordle hints and answers for Thursday, March 20 (game #1151)
Veresa attacks an enemy in Genshin Impact.
Genshin Impact Version 5.5 arrives next week, adding a new five star character obsessed with food
AI tools.
Not even fairy tales are safe - researchers weaponise bedtime stories to jailbreak AI chatbots and create malware
Amrit Kaur and Reneé Rapp in The Sex Lives of College Girls.
Max cancels The Sex Lives of College Girls but the hit HBO show might find a new streaming home elsewhere
Student sat at a desk with a laptop in a dormitory looking at a mobile phone
Windows 11 could eventually help you understand how fast your PC is - as well as offer tips for making your PC or laptop faster for free
Jia-Xin "Jay" Zhong, a postdoctoral scholar of acoustics at Penn State, used a dummy with microphones in its ears to measure the presence or absence of sound along an ultrasonic trajectory.
A wild new sound tech promises to create 'personal' sound only you can hear, but without headphones
An AMD Ryzen processor slotted into a motherboard
It's not looking bright for next-gen systems using AMD's Medusa Point APUs - they reportedly won't use RDNA 4 architecture, potentially meaning no FSR 4
Avast cybersecurity
An unpatched Windows zero-day flaw has been exploited by 11 nation-state attackers