LLMpedia: The first transparent, open encyclopedia generated by LLMs

Mishing

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Mishing
Name: Mishing
Type: Social engineering, phishing, vishing
Targets: Telecommunications subscribers, financial institutions, e‑commerce users
First reported: 2000s
Related: Smishing, Phishing, Vishing, SIM swapping

Mishing is a term for fraudulent schemes that exploit mobile telephony and messaging channels to deceive individuals and organizations into revealing sensitive information, transferring funds, or installing malicious software. The tactic blends elements of social engineering with technical methods used in phishing, vishing, and SIM swapping campaigns to capitalize on the ubiquity of smartphones and short message service protocols. Actors range from opportunistic criminals to organized groups linked to cross‑border cybercrime networks, and incidents have affected users of Apple Inc., Google LLC, Samsung Electronics, Vodafone Group, and regional carriers worldwide.

Definition and Overview

Mishing encompasses deceptive communications delivered via short message service, rich communication services, and over‑the‑top apps, sometimes combined with voice channels. Threat actors impersonate recognizable institutions such as PayPal, Bank of America, Amazon, Wells Fargo, HM Revenue and Customs, Airtel, and Tata Consultancy Services to exploit trust relationships. The technique often leverages compromised infrastructure tied to Twilio, Nexmo (Vonage) and other messaging platforms, or abuses legacy signaling protocols like SS7 and SIP (Session Initiation Protocol). Attack narratives frequently reference current events such as the COVID‑19 pandemic, the Olympic Games, the FIFA World Cup, and major cybersecurity breaches to increase plausibility.

Techniques and Variations

Common variants include short message spoofing, link‑based credential harvesting, multimedia attachments carrying payloads, interactive click‑to‑call traps, and coordinated SIM swapping to hijack two‑factor authentication channels. Attackers use techniques such as URL obfuscation through ICANN‑registered lookalike domains, homograph attacks imitating Microsoft Corporation and Apple Inc. brands, and interception of time‑limited one‑time passwords tied to Twilio and carrier signaling exploits. More advanced campaigns integrate malware families such as FluBot, Anubis, and Android trojans that mimic the interfaces of Google Play Store, WhatsApp, Facebook, and banking apps like Chase Bank and HSBC. Nation‑state actors and cybercrime syndicates have combined mishing with disinformation operations observed around the 2020 United States presidential election and Brexit‑related campaigns.

Targets and Motivations

Targets range from individual consumers and small businesses to high‑value corporate executives and public figures at United Nations missions, diplomatic services, and multinational corporations including Microsoft, Apple, Amazon, JPMorgan Chase, and Goldman Sachs. Motivations include financial fraud, credential theft for access to Microsoft 365 and Google Workspace tenants, espionage for intellectual property theft, and account takeover for resale on underground markets such as forums monitored by Europol and the FBI. Campaigns have targeted sectors including banking, healthcare providers like Mayo Clinic and NHS (England), e‑commerce platforms such as eBay, and cryptocurrency services like Coinbase.

Detection and Prevention

Detection relies on a combination of user education, technical controls, and coordination with industry bodies like GSMA and regulators such as the Federal Communications Commission and European Commission. Defensive measures include carrier‑level filtering against SMS spam, deployment of DKIM/SPF/DMARC analogs for messaging, multi‑factor authentication using hardware tokens from Yubico and RSA Security, and endpoint protections from vendors like Symantec, McAfee, CrowdStrike, and Palo Alto Networks. Lawful intercept frameworks and signaling hardening to mitigate SS7 and Diameter protocol flaws are recommended by NIST and ENISA. Public‑private information sharing initiatives akin to InfraGard and Financial Services Information Sharing and Analysis Center help trace indicators of compromise.
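As an added example (not part of the original article), the following sketch shows the kind of link check an SMS filter could apply to the lookalike and homograph domains described under Techniques and Variations. The confusables map, the two-label registrable-domain rule, and all sample messages are assumptions constructed for illustration.

```python
import re
import unicodedata
from urllib.parse import urlsplit

# Brand names come from the article. The confusables map is a small constructed
# subset (Cyrillic a, e, o, p, c, i and digits 0, 1), not the full Unicode table.
BRANDS = {"paypal", "amazon", "apple", "microsoft", "google"}
CONFUSABLES = str.maketrans({"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
                             "\u0441": "c", "\u0456": "i", "0": "o", "1": "l"})
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def scripts(label):
    """Scripts of the letters in a label, e.g. {'LATIN', 'CYRILLIC'}."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in label if c.isalpha()}

def check_host(host):
    """Return sorted lookalike flags for one hostname (ASCII or IDN)."""
    flags, decoded = set(), []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):  # IDN A-label: decode to see real glyphs
            flags.add("punycode")
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                flags.add("bad-punycode")
        decoded.append(label)
    for i, label in enumerate(decoded):
        if len(scripts(label)) > 1:
            flags.add("mixed-script")
        skeleton = label.translate(CONFUSABLES)
        if skeleton in BRANDS and label != skeleton:
            flags.add("homograph:" + skeleton)
        # Brand as a left-hand label under another domain. Assumption: the
        # registrable domain is the last two labels (no public suffix list).
        if label in BRANDS and i < len(decoded) - 2:
            flags.add("brand-subdomain:" + label)
    return sorted(flags)

def triage_sms(text):
    """Map each URL host found in an SMS body to its flags."""
    hosts = (urlsplit(url).hostname for url in URL_RE.findall(text))
    return {h: check_host(h) for h in hosts if h}

if __name__ == "__main__":
    # Constructed sample messages, not taken from real campaigns.
    for sms in ["Account locked, verify at https://paypa1.example/login",
                "Apple ID alert: https://\u0430pple.example/id",
                "Refund ready: https://amazon.refund-desk.example/claim"]:
        print(triage_sms(sms))
```

A production filter would replace the two-label rule with the Public Suffix List and the small map with the full Unicode confusables data.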

Jurisdictions have pursued legislative and enforcement responses involving telecommunications regulation, data protection frameworks such as the General Data Protection Regulation, and consumer fraud statutes enforced by agencies including the Federal Trade Commission, Ofcom, the Australian Communications and Media Authority, and the National Crime Agency (UK). Civil and criminal actions have targeted operators of fraudulent messaging services and their facilitators, with cross‑jurisdiction coordination through Interpol, Europol, and bilateral mutual legal assistance treaties. Industry initiatives include best‑practice guidelines from GSMA and technology standards updates from IETF working groups addressing messaging authentication.

Notable Incidents and Case Studies

Documented incidents illustrate impacts across regions and sectors: campaigns distributing FluBot in Europe and Australia, credential‑harvesting SMS waves affecting users of Google and Microsoft services, SIM swap operations resulting in high‑value cryptocurrency thefts from traders dealing with Binance and Bitfinex, and targeted executive compromises aligned with spear‑phishing operations against companies such as Sony Corporation and Uber Technologies. Law enforcement takedowns and civil actions have involved coordination with firms like Cloudflare, Amazon Web Services, Google and Microsoft to disrupt infrastructure and recover assets.
