Mobile-based social engineering can include creating a malicious app for smartphones and tablets with a very attractive feature that will lure users into downloading and installing the app on their devices. To mask the true nature of the malicious app, attackers use names similar to those of popular apps on the official app stores. Once the malicious app has been installed on the victim's device, the app can retrieve and send the victim's user credentials back to the attacker.

Another form of mobile-based social engineering is known as smishing. This type of attack involves attackers sending illegitimate SMS messages to random people with a malicious URL, asking the potential victim to respond by providing sensitive information.

Attackers sometimes send SMS messages to random people, claiming to be a representative from their bank. The message contains a URL that looks very similar to the official domain name of the legitimate bank. An unsuspecting person may click on the malicious link that leads them to a fake login portal that will capture a victim's username and password and even download a malicious payload onto the victim's mobile device.

In the following section, we will cover social engineering through social networking.