Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Zimperium Research Exposes Surge in Mishing (Mobile-Targeted Phishing) Attacks

February 2025 by Zimperium

Zimperium released new research highlighting the evolving landscape of mobile phishing attacks. The data-driven analysis of mobile phishing vectors in 2024 underscores an urgent need for organizations to adopt mobile-specific security strategies to combat these increasingly sophisticated threats, as evidence shows that attackers have moved to a ‘mobile first’ strategy to penetrate corporate networks and sensitive data.

Key Findings from Zimperium’s 2024 Mobile Phishing Report:

Smishing (SMS/text based phishing) remains the most common mobile phishing vector, with 37% of attacks in India, 16% in the U.S., and 9% in Brazil.
Mobile-targeted email phishing is increasing with attacks specifically designed to evade desktop security measures, executing only on mobile devices.
Quishing (QR code phishing) is emerging, with notable activity in Japan (17%), the U.S. (15%), and India (11%).
3% of phishing sites use device-specific redirection, showing benign content on desktops while targeting mobile devices with phishing payloads.
Research shows attackers reusing CIDR blocks to host multiple phishing domains, extending attack reach and persistence.
Mishing activity peaked in August 2024, with over 1,000 daily attack records.

The Strategic Implications for Enterprise Security

As organizations increasingly rely on mobile devices for business operations, including multi-factor authentication and mobile-first applications, mobile phishing poses a severe risk to enterprise security. Attackers are exploiting security gaps in cloud and mobile business applications, expanding the attack surface and increasing exposure to credential theft and data compromise. Traditional anti-phishing measures designed for desktops are proving inadequate, requiring a shift to mobile threat defense solutions on the mobile device.

“Mishing is not just an evolution of traditional mobile phishing tactics—it is an entirely new category of attack engineered to exploit the specific capabilities and vulnerabilities of mobile devices, such as cameras,” said Nico Chiaraviglio, Chief Scientist at Zimperium. “Our research shows that attackers are increasingly leveraging multiple mobile-specific channels—including SMS, email, QR codes, and voice phishing (vishing)—to exploit user behaviors and expand their attack surface.”


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts