Mobile-first phishing attacks surge as specific capabilities are targeted

No Comments

As organizations increasingly rely on mobile devices for business operations, including multi-factor authentication and mobile-first applications, mobile phishing poses a severe risk to enterprise security.

New research from Zimperium's zLabs shows a surge in mobile-focused attacks, dubbed 'mishing', activity peaking in August 2024 with over 1,000 daily attack records. These attacks are specifically designed to evade desktop security measures, executing only on mobile devices.

Three percent of phishing sites use device-specific redirection, showing benign content on desktops while targeting mobile devices with phishing payloads. This makes detection and analysis of the attacks more challenging.

"Mishing is not just an evolution of traditional mobile phishing tactics -- it is an entirely new category of attack engineered to exploit the specific capabilities and vulnerabilities of mobile devices, such as cameras," says Nico Chiaraviglio, chief scientist at Zimperium. "Our research shows that attackers are increasingly leveraging multiple mobile-specific channels -- including SMS, email, QR codes, and voice phishing (vishing) -- to exploit user behaviors and expand their attack surface."

See also:
Phishing-as-a-Service kits see a surge as threat actors target weaknesses
Deepfakes, workforce fraud and phishing incidents on the rise across businesses
SMEs put at risk by poor mobile security practices

Smishing (SMS/text based phishing) remains the most common mobile phishing vector, with 37 percent of attacks in India, 16 percent in the US, and nine percent in Brazil.

Quishing (QR code phishing) is an emerging threat, with notable activity in Japan (17 percent), the US (15 percent), and India (11 percent).

The research also shows attackers reusing CIDR (Classless Inter-Domain Routing) blocks to host multiple phishing domains, extending attack reach and persistence.

You can read more and get the full report on the Zimperium blog.

Image credit: Techa Tungateja/Dreamstime.com

No Comments
Got News? Contact Us

Recent Headlines

Deepfake fraud attempts grow over 2,000 percent

Best Windows apps this week

It's possible to run Windows XP on an Apple TV -- and it works like a dream!

AI-powered solution detects insider threats

Why are virtual CISOs becoming so popular? Because organizations need them [Q&A]

Microsoft is giving Snipping Tool a major OCR upgrade in Windows 11

Amazon kills its Android Appstore while Google Play remains the go-to choice

Most Commented Stories

Who needs Windows 11? FreeXP is a modern version of Microsoft's greatest OS, powered by Debian Linux

48 Comments

Windows 12 won't pull me away from Linux unless Microsoft fixes these 5 things

45 Comments

AR OS 2 is everything we want Windows 12 to be -- and more

38 Comments

Google is the latest tech firm to drop diversity hiring targets following Trump’s executive orders

24 Comments

Oreon 10, our favorite Windows replacement, has just been updated -- and it's about to get much, much better!

14 Comments

Transform Windows 10 or 11 into Windows 7 in just five clicks

14 Comments

Microsoft is forcing the new Outlook for Windows app on Windows 10 users with the mandatory KB5051974 update

11 Comments

Microsoft and Apple should take a long hard look at Elon Musk’s ‘Big Balls’

10 Comments

© 1998-2025 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.