Phishing has long been considered the main threat in cybersecurity. However, a new form of attack, called "mishing", is emerging and specifically targets mobile devices.
"Mishing", a term coined by security company Zimperium, encompasses various phishing techniques adapted to smartphones and tablets. According to a recent report from Zimperium, this threat is gaining prominence as organizations increasingly rely on mobile devices for their daily operations. Cybercriminals have taken note of this trend and are adapting their strategies accordingly, developing attacks specifically designed to bypass traditional security measures designed for desktop computers.
Mishing comes in several forms, including “smishing” (SMS phishing), “quishing” (via QR codes), “vishing” (via voice calls), or even attacks based on Wi-Fi networks. This diversity of attack vectors makes mishing particularly dangerous, because it exploits the specific behaviors of mobile users.
A growing threat
The figures presented by Zimperium are alarming. Smishing is the most widespread mobile phishing vector, representing 37% of attacks in India, 16% in the United States and 9% in Brazil. Quishing, although more recent, is gaining ground, particularly in Japan (17%), the United States (15%) and India (11%). More worryingly, 3% of phishing sites now use mobile-specific redirection techniques, displaying harmless content on computers while targeting smartphones with malicious payloads.
Faced with this growing threat, Zimperium experts, including Nico Chiaraviglio, the company's Chief Scientist, stress the urgency for organizations to adopt security measures specifically designed for mobile devices. They stress that mishing is not simply an evolution of traditional phishing, but a new category of attacks that exploit the particularities of smartphones, such as their camera or touch interface.
To protect yourself, it is crucial to be extra vigilant when using mobile devices. Verifying the origin of messages, being careful with links and attachments, and not giving in to the urgency artificially created by attackers are essential practices. Companies, for their part, must invest in advanced mobile security solutions and train their employees on the specific risks of mishing. As the peak in activity mishing was observed in August 2024 with over 1000 daily attacks, the threat shows no signs of abating, making awareness and protection more important than ever.
0 Comments