A study conducted by Zimperium highlights a notable increase in cyberattacks on smartphones, particularly in professional environments.
The main brands targeted by mishing are Microsoft and Facebook.
Cyberattacks targeting mobile phone users are on the rise, mainly through a technique called mishing. This type of phishing specifically targets mobile devices, exploiting their weaknesses to scam users and steal their personal information. Both individuals and professionals need to be aware of this threat in order to defend against it.
What is mishing and why is it increasing?
The term “mishing,” a portmanteau of “mobile” and “phishing,” refers to phishing attacks that target users via their mobile phones. These attacks can take the form of fraudulent text messages (smishing), malicious phone calls (vishing), or deceptive emails (phishing). Although similar to attacks targeting computers, mishing campaigns are designed to be particularly effective on mobile devices, such as smartphones.
The growing popularity of mishing is mainly due to the explosion in the number of smartphone users, which has now surpassed 6.8 billion worldwide. At the same time, the use of mobile phones for business purposes has also increased, with over 71% of employees using their mobile devices for business communications or accessing corporate data. This mass adoption of mobile devices in the workplace, often coupled with inadequate protection, makes them an attractive target for cybercriminals. Zimperium, in its Global Mobile Threat Report 2024, indicates that 82% of phishing sites are now optimized for mobile.
How to protect yourself against mishing and secure your phone?
For those working in the digital sector, it is crucial to protect their businesses and users from mishing. Here are some best practices to apply, also valid for the general public:
User awareness:
Educating co-workers, or those close to you, on how to recognize mishing is essential. They should be trained to identify warning signs such as questionable links, spelling mistakes, or urgent requests for personal data.
Multi-factor authentication:
Implementing multi-factor authentication strengthens security, making it harder for cybercriminals to access accounts, even after obtaining credentials through mishing. When combined with a password manager, this method further strengthens device security.
Mobile security systems:
Adopting mobile defense solutions such as Mobile Threat Defense (MTD) helps spot and block attacks before they reach users.
Regular updates:
Vulnerabilities in mobile operating systems are often exploited in mishing attacks. Ensure all devices are updated with the latest security patches.
Filtering malicious sites:
Implementing systems to filter and block malicious URLs can significantly reduce the risks to users.
Using VPN:
Recommending the use of a VPN to encrypt connections when employees access sensitive information over public or unsecured networks helps protect communications and makes it harder for cybercriminals to intercept data, even over public Wi-Fi networks.
Best VPN Options
- NordVPN
- Surfshark VPN
- Avast SecureLine VPN
- Atlas VPN
Cybercriminals often use the image of major brands to lend credibility to their attacks and deceive users. In recent years, several brands have become the preferred targets of mishing campaigns. Here are the most targeted brands by global region, according to the Zimperium report:
- North America: Microsoft is the most copied brand with 57,133 attacks, followed by WhatsApp and Facebook.
- South America: WhatsApp leads the way with 33% of the attacks, followed by local banks such as DenizBank.
- EMEA (Europe, Middle East, Africa): Gazprom, Facebook and Instagram are the most counterfeited brands.
- APAC (Asia Pacific): Bet365, Facebook and Garena dominate these campaigns.
Hackers rely on users' familiarity with and trust in these brands to trick them into clicking on malicious links or disclosing sensitive personal data.
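The URL-filtering recommendation and the brand impersonation described above can be combined into a simple check that a message filter or gateway might run. The following is an added example, not code from Zimperium or from this article. The allowlist, the function names and the sample messages are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Illustrative allowlist (assumption): brand keyword -> domains the brand really uses.
OFFICIAL = {
    "microsoft": {"microsoft.com", "microsoftonline.com"},
    "facebook": {"facebook.com", "fb.com"},
    "whatsapp": {"whatsapp.com", "wa.me"},
    "instagram": {"instagram.com"},
}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def registrable_domain(host):
    # Simplification: last two labels. Production code should use the Public Suffix List.
    return ".".join(host.split(".")[-2:])


def impersonated_brand(url):
    """Return the imitated brand, 'idn-host' for punycode hosts, or None."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return None
    if any(label.startswith("xn--") for label in host.split(".")):
        return "idn-host"  # possible look-alike characters: send to manual review
    reg = registrable_domain(host)
    for brand, domains in OFFICIAL.items():
        # Brand name appears in the host, but the host is not the brand's own domain.
        if brand in host and reg not in domains:
            return brand
    return None


def scan_message(text):
    """Return (url, brand) pairs for every suspicious link in an SMS or email body."""
    hits = []
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,;)")  # drop trailing sentence punctuation
        brand = impersonated_brand(url)
        if brand:
            hits.append((url, brand))
    return hits


# Constructed sample messages (not real campaign data).
SAMPLES = [
    "Your Microsoft account is locked: https://microsoft.com.verify-login.example/reset",
    "Facebook alert! Confirm now at http://facebook-security.example/confirm.",
    "Reminder: manage your profile at https://www.facebook.com/settings",
    "Team lunch moved to 1pm, menu at https://cafe.example/menu",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(scan_message(msg) or "clean", "<-", msg)
```

A keyword check like this complements a maintained URL reputation feed and does not replace it. It catches links that borrow a brand's name but misses those that do not mention the brand at all.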