Mobile-targeted phishing, or mishing, attacks involving more advanced social engineering tactics have significantly increased in prevalence last year, with one particular global attack campaign compromising over 600 organizations, reports SiliconAngle.
Intrusions not only entailed the mounting adoption of device-aware phishing approaches and fingerprinting techniques for greater stealthiness but also the utilization of geolocation-based redirection to facilitate localized scams, according to a report from Zimperium ZLabs researchers, who noted that mishing has become more successful amid a reduction in user URL verification and the increase in Bring Your Own Device policies. Such findings were noted by Keeper Security Vice President of Security and Architecture Patrick Tiquet to necessitate an overhaul of organizations' security strategies to adapt to the risks brought upon by hybrid and remote working arrangements. "This includes mobile threat defense, phishing-resistant MFA, clear Bring Your Own Device policies, and a strong password management strategy to mitigate credential-based attacks," Tiquet added.