b'Cybersecurity CSIA 21Nico Chiaraviglio, Zimperiums Chief Scientist, warnsFAST . ACCURATE . EASY-TO-LEARNthat mishing is not just an evolution of traditional mobilephishingtacticsitisanentirelynew category of attack engineered to exploit the specific capabilities and vulnerabilities of mobile devices,ESTIMATING SOFTWAREsuch as cameras. Our research shows that attackersESTIMATING SOFTWAREare increasingly leveraging multiple mobile-specificestimate better.channelsincluding SMS, email, QR codes, and voice phishing (vishing)to exploit user behaviors and expand their attack surface.And whereas email has always been the primary vulnerability, new attacks are more likely to target you by SMS or messaging app. This shift follows increased nervousness when opening attachments or clickingSEE Alinks in email. All made worse by AI advances, thatDEMOmake it even harder to detect a threat on a smallTODAYscreen before tapping.Not only does SMS carry text-based phishing risks, but its also vulnerable to on-device malware hijacking 2FA codes in real time. The U.S. government warns users to stop using SMS codes for 2FA, and in recent days we have seen SMS codes intercepted to hijack Gmail and Outlook accounts. Zimperium highlights1.800.828.7108|estimatebetter.comSMS Stealer malware, that is now compromising accounts on more than 600 global services.Someofthismandatesnewusertrainingand The FBI, meanwhile, has warned users to delete allawareness, and also strict rules on link and attachment smishing texts given the alarming ramp-up in SMShandling. But when it comes to account credentials,CENTRAL STATES INSULATION ASSOCIATIONattacks mimicking brands and local governmentthere are now multiple reasons to shift from SMS to agencies. As we have seen with recent FBI andauthentication apps or passkeys. As Microsoft has police warnings into toll and disaster relief fraud, thewarned, we only get safer if legacy login methods are ease of masking a sender ID, using brief text and aremoved. So its not just a case of providing new ways shortened link to mask a non-typical URL makes itto secure accounts, it needs the old ways shut down.all too easy to lure a user into clicking.Mobile devices have become the primary targets, Zimperium also notes the geographical targetingZimperium warns. The technical sophistication ofmobileattacks,againasseenwithfaketolldemonstrated by observed campaigns suggests messages focusing on specific cities and states.this trend will continue to accelerate, demanding Modernmishingcampaignsfrequentlyemploycontinued innovation in mobile-specific security geolocation-based redirection at country or even atcontrols.the city level, allowing for highly targeted attacks. This enables precise targeting of specific regionsZak Doffman has covered security, surveillance and privacy on or organizations, complicates detection by securityForbes since 2018, focusing on updates from the worlds largest researchers,increasescampaigneffectivenesstech companies, staying safe on smartphones and social media, through localization, [and] reduces detection rates. and the dangers of AI.csiaonline.org'