Forget phishing, now "mishing" is the new security threat to worry about

News
By
published

Mobile-first phishing is emerging as a major threat

mobile phone
(Image credit: Shutterstock / ImYanis)
  • Businesses are increasingly relying on mobile phones for key operations, and cybercriminals have spotted the shift
  • Hackers have adapted their methods, Zimperium report claims
  • Most phishing attacks are tailored for mobile phones

Phishing is “so 2020” - the threat to be worried about most right now is “mishing” a new report from Zimperium has claimed.

Mishing, a term coined by Zimperium, covers all sorts of mobile-first phishing techniques: Smishing (SMS/text-based phishing), Quishing (QR code phishing), voice phishing, Wi-Fi-based phishing (the so-called “Evil Twin” attack), and many others.

Zimperium says organizations are increasingly relying on mobile devices for business operations, including multi-factor authentication, mobile-first applications, and more, and cybercriminals are taking notice, tailoring their phishing attacks for mobile devices, successfully evading traditional anti-phishing measures designed for desktops.

Smishing, Quishing, and more

As a result, businesses urgently need to adopt mobile-specific security, Zimperium stresses.

Smishing, for example, is now the most common mobile phishing vector, accounting for 37% of attacks in India, 16% in the US, and 9% in Brazil. Quishing, on the other hand, is described as an emerging threat, with notable activity in Japan (17%), the US (15%), and India (11%). Furthermore, 3% of phishing sites use device-specific redirection, showing benign content on desktops while targeting mobile devices with phishing payloads.

Mishing activity peaked in August 2024, Zimperium added, with over 1,000 daily attack records.

“Mishing is not just an evolution of traditional mobile phishing tactics—it is an entirely new category of attack engineered to exploit the specific capabilities and vulnerabilities of mobile devices, such as cameras,” said Nico Chiaraviglio, Chief Scientist at Zimperium.

“Our research shows that attackers are increasingly leveraging multiple mobile-specific channels - including SMS, email, QR codes, and voice phishing (vishing) - to exploit user behaviors and expand their attack surface.”

Whatever you decide to call it, email-based phishing attacks remain the number one threat best eliminated by the use of common sense in the office.

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
Close up of a business person using a smartphone.
Watch out, malicious PDF files are being used again in phishing attacks
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Everything you need to know about phishing
An iPhone sitting on a wooden table
Millions at risk as malicious PDF files designed to steal your data are flooding SMS inboxes - how to stay safe
Malware worm
Coordinated global mobile malware campaign targets banking apps and cryptocurrency platforms
Fraude en ligne phishing
What is phishing and how dangerous is it?
Fraude en ligne phishing
Phishing clicks nearly tripled in 2024 as criminals aim for smarter attacks
Latest in Security
Woman using iMessage on iPhone
Apple to take legal action against British Government over backdoor request
Red padlock open on electric circuits network dark red background
Aviaton firms hit by devious new polyglot malware
A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted."
Major ransomware attack sees Tata Technologies hit - 1.4TB dataset with over 730,000 files allegedly stolen
Security
Broadcom releases fixes for multiple VMware security flaws
A graphic showing fleet tracking locations over a city.
Lost & Found tracking site hit by major data breach - over 800,000 could be affected
US President Donald Trump speaks to the press as he signs an executive order to create a US sovereign wealth fund, in the Oval Office of the White House on February 3, 2025, in Washington, DC.
US set to pause cyber-offensive operations against Russia - but CISA says it won't stop
Latest in News
An Nvidia GeForce RTX 5070
Nvidia confirms that an RTX 5070 Founders Edition is coming... just not on launch day
Microsoft UK CEO Darren Hardman AI Tour London 2025
Microsoft - UK can help drive the global AI future, but only with the proper buy-in
Asus Prime OC RTX 5070 graphics card with three fans, shown at an angle
Asus reveals Nvidia RTX 5070 launch pricing, and while one model is at MSRP – thankfully – the others make me want to give up my search for a next-gen GPU
OpenAI CEO Sam Altman attends the artificial intelligence Revolution Forum. New York, US - 13 Jan 2023
Sam Altman tweets delay to ChatGPT-4.5 launch while also proposing a shocking new payment structure
Philips Hue lights being dimmed
Got Philips Hue lights? A free app update delivers these 3 improvements
Woman using iMessage on iPhone
Apple to take legal action against British Government over backdoor request
More about security
Woman using iMessage on iPhone

Apple to take legal action against British Government over backdoor request
Security

Broadcom releases fixes for multiple VMware security flaws
Red padlock open on electric circuits network dark red background

Aviaton firms hit by devious new polyglot malware
See more latest