zLabs Mishing Report: The Evolution of Mobile-Specific Phishing Attacks

3% of phishing sites use device-specific redirection, showing benign content on desktops while targeting mobile devices with phishing payloads.

Quishing (QR code phishing) is emerging, with notable activity in Japan (17%), the U.S. (15%), and India (11%).

Smishing (SMS/text based phishing) is the most common mobile phishing vector, accounting for 37% of attacks in India, 16% in the U.S., and 9% in Brazil.

Mishing activity peaked in August 2024, with over 1,000 daily attack records.