Zimperium, the pioneer in mobile security, released new research highlighting the evolving landscape of mobile phishing attacks.

The data-driven analysis of mobile phishing vectors in 2024 underscores an urgent need for organisations to adopt mobile-specific security strategies to combat these increasingly sophisticated threats, as evidence shows that attackers have moved to a ‘mobile first’ strategy to penetrate corporate networks and sensitive data.

Key findings from Zimperium’s 2024 report

  • Smishing (SMS/text-based phishing) remains the most common mobile phishing vector, with 37% of attacks in India, 16% in the U.S., and 9% in Brazil.
  • Mobile-targeted email phishing is increasing with attacks specifically designed to evade desktop security measures, executing only on mobile devices.
  • Quishing (QR code phishing) is emerging, with notable activity in Japan (17%), the U.S. (15%), and India (11%).
  • 3% of phishing sites use device-specific redirection, showing benign content on desktops while targeting mobile devices with phishing payloads.
  • Research shows attackers reusing CIDR blocks to host multiple phishing domains, extending attack reach and persistence.
  • Mishing activity peaked in August 2024, with over 1,000 daily attack records.

The strategic implications for enterprise security

Attackers are exploiting security gaps in cloud and mobile business applications, expanding the attack surface

As organisations increasingly rely on mobile devices for business operations, including multi-factor authentication and mobile-first applications, mobile phishing poses a severe risk to enterprise security. Attackers are exploiting security gaps in cloud and mobile business applications, expanding the attack surface and increasing exposure to credential theft and data compromise. 

Traditional anti-phishing measures designed for desktops are proving inadequate, requiring a shift to mobile threat defense solutions on mobile devices.

Evolution of traditional mobile phishing tactics

“Mishing is not just an evolution of traditional mobile phishing tactics—it is an entirely new category of attack engineered to exploit the specific capabilities and vulnerabilities of mobile devices, such as cameras,” said Nico Chiaraviglio, Chief Scientist at Zimperium.

“Our research shows that attackers are increasingly leveraging multiple mobile-specific channels—including SMS, email, QR codes, and voice phishing (vishing)—to exploit user behaviours and expand their attack surface.”
