Skip to the main content.
Talk to sales Start for free
Talk to sales Start for free

3 min read

What is mishing?

Picture of Tshedimoso Makhene Tshedimoso Makhene February 27, 2025

Cybersecurity
What is mishing?

Mishing encompasses multiple mobile attack methods, including SMS-based phishing (smishing), QR code phishing (quishing), voice phishing, and Wi-Fi-based phishing attacks. These attack methods exploit mobile device vulnerabilities and human psychology to deceive users.

 

How does mishing work?

Mishing works by exploiting mobile communication channels to deceive users into revealing sensitive information, downloading malware, or accessing fraudulent websites. According to TechRadar, “3% of phishing sites use device-specific redirection, showing benign content on desktops while targeting mobile devices with phishing payloads.” This allows for cybercriminals to detect the type of device a visitor is using and change their behavior accordingly.

Here’s how mishing typically unfolds:

  • Deceptive message: Attackers send fake alerts (e.g., bank fraud warnings, delivery failures).
  • Manipulation tactics: They create urgency, spoof trusted entities, and use malicious links.
  • Data theft: Victims unknowingly share credentials, financial details, or install malware.
  • Consequences: Identity theft, financial loss, or device compromise.

 

Common sources of mishing

  • Banks and financial institutions: Attackers often impersonate banks, claiming suspicious activity on accounts and urging victims to "verify" their information through fake links or phone numbers.
  • Delivery services (e.g., UPS, DHL, FedEx): Fraudulent messages may warn about missed deliveries, asking the recipient to click on a link or call a fake number to reschedule.
  • Government agencies: Scammers may impersonate government entities (e.g., tax authorities or health organizations), claiming that urgent action is needed, such as verifying identity or paying fines.
  • Online shopping and e-commerce platforms: Fake messages might claim issues with orders or shipping, prompting users to update payment information or click on unsafe links.
  • Social media and messaging apps: Attackers sometimes use social media platforms to send phishing links, posing as friends or businesses. QR codes shared via these platforms can also redirect to malicious websites.
  • Wi-Fi networks: Public spaces like cafes or airports are common places for attackers to set up fake Wi-Fi networks that resemble legitimate ones to steal data or inject malware.

Types of mishing

Mishing encompasses various mobile-based phishing attacks that exploit different communication channels to deceive users and steal sensitive information. These attacks include:

Smishing (SMS phishing)

  • How it works: Attackers send fraudulent text messages that appear to be from legitimate sources (e.g., banks, delivery services, or government agencies). The message typically contains a link to a fake website designed to steal personal information, login credentials, or financial data.
  • Example: A text message claiming your bank account has been compromised and asking you to click a link to "secure" your account.

Quishing (QR code phishing)

  • How it works: Scammers use QR codes to redirect victims to phishing sites or to prompt malware downloads. The QR codes may be embedded in posters, emails, or flyers, appearing to offer discounts, event registrations, or more.
  • Example: A QR code in a public place promising a free gift or discount, but scanning it leads to a malicious site asking for sensitive information.

Vishing (Voice phishing)

  • How it works: Attackers use phone calls to impersonate trusted entities, such as customer service representatives or government officials, in order to trick victims into providing personal details or making payments.
  • Example: A call from someone pretending to be from a bank, claiming suspicious activity on your account and asking you to verify your information over the phone.

 

Wi-Fi-based phishing (Evil twin attacks)

  • How it works: Attackers set up rogue Wi-Fi networks that mimic legitimate public hotspots. When victims connect, the attacker can intercept sensitive data, such as login credentials, financial information, or personal messages.
  • Example: A fake Wi-Fi network in a coffee shop with a name similar to the real one, allowing hackers to monitor and steal data from unsuspecting users.

SIM Swapping

  • How it works: Attackers trick a mobile carrier into transferring a victim’s phone number to a new SIM card, enabling them to intercept SMS messages and two-factor authentication (2FA) codes.
  • Example: The attacker calls the victim's mobile carrier, impersonates the victim, and convinces them to switch the victim's number to a new SIM card.

See also: HIPAA Compliant Email: The Definitive Guide

 

How to protect yourself

  • Verify before clicking links.
  • Use official channels to confirm messages.
  • Enable spam filters and two-factor authentication (2FA).
  • Avoid connecting to unknown Wi-Fi networks.

Go deeper: Steps to protect against phishing attacks

 

FAQS

How is mishing different from phishing?

Phishing is a broad term for online scams that deceive users into sharing personal information. Mishing specifically targets mobile users through SMS (smishing), QR codes (quishing), voice calls (vishing), and mobile networks.

 

Why are mobile devices targeted in phishing attacks?

Mobile devices are targeted because they have weaker phishing defenses, users are more likely to trust mobile messages, and attackers can exploit device-specific redirection techniques to bypass security scans.

HIPAA compliant email you can set and forget

Subscribe to Paubox Weekly

Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.