Verizon's report emphasizes a significant oversight in mobile cybersecurity, revealing that organizations often neglect mobile security despite the rise of smishing attacks. With a high percentage of employees falling victim to these attacks, the report calls for better security practices and awareness to mitigate risks associated with personal mobile devices.

Scammers are exploiting unsecured cellular routers from Milesight IoT to launch SMS phishing campaigns, known as smishing, that have been active since October 2023. Researchers found over 18,000 routers exposed online, with many allowing unauthorized access and running outdated firmware, making them an effective tool for decentralized phishing efforts targeting users in multiple countries.

A significant smishing campaign attributed to a Chinese-speaking threat actor, known as the Smishing Triad, has exploited over 194,000 domains to gather sensitive information, including Social Security numbers. The campaign impersonates various services, targeting users worldwide, and employs a decentralized approach to evade detection.

Silent smishing exploits vulnerable cellular router APIs to conduct phishing attacks via SMS, allowing attackers to access sensitive information without authentication. The article discusses various attack methods, including the impersonation of legitimate organizations, and emphasizes the need for vigilance against such threats.