Beyond Phishing: The Rise of Mobile-Specific Cyber Threats

Based on a report from security company Zimperium, Inc., Sead Fadilpašić, writing in the U.S. edition of the international technology publication TechRadar, examines the new generation of cybersecurity threats targeting digital communications platforms. Phishing, says the Zimperium report, is “so 2020.” 

Organizations have increasingly relied on mobile devices. According to the report, hackers have responded by revising their methods to evade anti-phishing defensive systems designed for desktop computers.

The term “mobile devices” in this formulation includes primarily, but not exclusively, phones. Cameras, for example, are specifically included in the designation. 

Zimperium has coined some new terms for some of the mobile device phishing techniques under the general term “mishing,” They include smishing (SMS/text-based phishing), quishing (QR code phishing), voice phishing, and Wi-Fi-based phishing.

The most common type of phishing is smishing, which accounts for 37 percent of such attacks in India and 16 percent in the US. “Quishing,” characterized as an emerging threat, is more common in Japan, accounting for 17 percent of reported mobile phishing incidents and 15 percent in the US.

Some phishing sites appear as “benign content” on desktops but then prove to be phishing sites that can target mobile devices.

Zimperium provides security technology specifically engineered to protect “mobile endpoints” and urges businesses to adopt mobile-specific security.

Nonetheless, the company’s chief scientist acknowledges that email-based phishing attacks remain a significant threat even as attackers increasingly target mobile-specific channels. He says that threat is best addressed by “the use of common sense in the office.”