Zachary Rager
Phishing today isn’t just email. Adversaries are now exploiting SMS, Signal, LinkedIn, QR codes, and more to directly target your people—on the devices they rely on most. These mobile-specific tactics—like smishing and quishing—are designed to exploit human trust, not technical flaws. And they’re working.
Protecting users from falling for such schemes is difficult. Threat researchers have seen malicious smishing campaigns deploy zero-click malware that can hijack verification codes and one time passwords (OTPs), replicating screen interfaces, and stealing application credentials. One report identified why mobile users are more at risk, including:
Reduced screen size makes suspicious URLs harder to identify
Touch screens make it harder for a user to inspect URLs
Mobile channels like SMS and QR codes can create a false sense of trust