Keepnet Labs Logo
Keepnet Labs > blog > smishing-statistics-2023-the-latest-trends-and-numbers-in-sms-phishing

Smishing Statistics 2024: The Latest Trends and Numbers in SMS Phishing

The 2024 Smishing Statistics reveal a worrying increase in SMS phishing attacks. SMS phishing statistics present significant insights into the tactics used by cybercriminals and their trend and impact on global cybersecurity. These statistics offer significant data and effective strategies to protect yourself against smishing, making it a must-read for anyone looking to enhance their security against SMS phishing.

Smishing Statistics 2024: The Latest Trends and Numbers in SMS Phishing

In 2024, SMS phishing threats continue to evolve. Smishing leverages the widespread use of smartphones and people's trust in text messaging as a communication tool. The latest smishing statistics for 2024 reveal alarming trends and numbers, indicating a significant increase in SMS phishing attacks. This article explores the current state of smishing and reveals the latest smishing statistics, trends, and the evolving tactics cybercriminals use.

Smishing is not just a technological threat but a sophisticated psychological attack that leverages the trust and immediacy associated with text messaging. As mobile users continue to rely heavily on SMS for communication, it's important to be aware of smishing and its potential dangers. Recognizing the signs and being cautious can make all the difference in safeguarding one's personal and financial well-being.

Key Smishing Statistics 2024

Key Smishing Statistics 2024.jpg
  • Awareness Level: Only 23% of users over 55 can correctly define smishing, while 34% of millennials know the term.
  • Financial Impact: In 2020, the IC3 reported over 240,000 victims of phishing, smishing, vishing, and pharming, costing over $54 million in losses. The average financial damage from smishing is $800 per individual globally.
  • Rising Trend: Smishing attacks surged 328% in 2020. In just one year, 76% of businesses were targeted by smishing attacks.
  • COVID-19 Exploitation: 44% of US Americans noticed an uptick in scam phone calls and text messages during the initial two weeks of the nationwide quarantine.
  • 2FA Vulnerability: The National Institute for Standards and Technology (NIST) advises against using SMS-based 2FA due to vulnerabilities.
  • Local Deception: Hackers often use local numbers, making their messages appear more authentic.
  • Mobile Threat: 17% of enterprise users encountered phishing links on their mobile devices.
  • Tax Scams: In the UK, 846,000 people reported tax scams involving fake notifications from HMRC in 2020.
  • Fake Delivery Notifications: With the rise of e-commerce, fake delivery notifications have become a prevalent smishing method..
  • Messaging App Vulnerabilities: An international hacking agency, "Dark Caracal", exploited apps like WhatsApp and Signal to send phishing links.
  • Reporting Mechanism: Major US mobile carriers support a fraud text reporting service, where suspicious messages can be forwarded to the number 7726 (SPAM).
  • Smishing in the UK: Smishing incidents in the UK increased by 700% in the first six months of 2021.
  • Lloyds TSB Study: Only 18% of participants could correctly identify fake emails and texts.
  • US Consumers: In 2019, US consumers lost over $86 million due to SMS phishing.
  • Awareness by Country: France had the highest awareness of smishing, while only 36% of surveyed participants in the US knew what smishing was.
  • Smishing Trend: The prevalence of smishing attacks increased from 75% in 2021 to 76% in 2022.
  • Organizational Training: Only 32% of organizations offer smishing simulations, but 79% offer formal training for phishing attacks.
  • Generational Awareness: Millennials and Gen X were more aware of smishing in 2019 than other generations.
  • Smishing by Country: Spain faced the highest risk of smishing attacks in 2019 at 100%.
  • FBI Reports: The FBI's 2020 Internet Crime Report revealed that losses due to smishing amounted to over $54.2 million in 2019.
  • Malware: Malware and malicious websites are often used in smishing attacks.
  • COVID-19 Smishing: Cybercriminals exploited the COVID-19 pandemic, sending scam texts related to the virus and vaccines.
  • Smishing Frequency: In 2021, 58% of Americans reported receiving more spam texts and calls than in 2020.
  • Demographics: In 2022, the Hispanic demographic received fewer spam texts than the White or Black communities.
  • Cybersecurity Awareness against Smishing: With targeted training, organizations can increase in employees' ability to recognize and report SMS phishing incidents by 87% within three months.
  • Tax Scams as a Primary Tactic: Among the diverse strategies employed in smishing campaigns, tax scams stand out for their frequency and effectiveness. These scams exploit the general public's concerns and obligations related to tax filings, making them particularly convincing and dangerous.
  • The Surge of Spam Texts in America: It has been revealed that, on average, Americans are inundated with nearly 41 spam texts per person each month. This smishing statistic underscores the widespread nature of unsolicited communications, highlighting the scale at which individuals are targeted by potentially malicious actors.

SMS phishing statistics emphasize the growing threat of smishing and the importance of security awareness training and protective measures against cybercrime.

SMS Phishing (Smishing) Real-Life Examples

SMS Phishing (Smishing) Real-Life Examples.jpg

The following detailed real life smishing examples from recent years illustrate tactics used by Smishers. It also shows the wide range of smishing scenarios in which individuals and institutions have been targeted. By revealing these real-life smishing incidents, you can increase security awareness to strengthen defenses against smishing.

Here are some real smishing attack incidents in recent years:

2018: Fifth Third Bank Smishing and ATM Fraud

  • Incident Description: Customers of Fifth Third Bank received deceptive SMS messages claiming their accounts were locked.
  • Scammers' Tactics: The messages included a fraudulent link, redirecting victims to a website mimicking the official bank site to "unlock" their accounts.
  • Victim Impact: Approximately 125 customers disclosed their banking credentials.
  • Financial Damage: Scammers withdrew $68,000 from 17 ATMs around Cincinnati using the stolen information.

2020: Operation Genmaicha: Large-Scale Smishing

  • Law Enforcement Action: Australian Federal Police discovered SIM boxes used in widespread smishing attacks, impersonating banks and telecom companies.
  • Operational Scale: Over 10,000 smishing messages were sent in a two-week period, illustrating the extensive reach of these operations.
  • Customer Impact: One bank reported 45 phished customers, with losses including more than $30,000 stolen from a single individual.

2021: Amazon Impersonation Scam

  • Incident Description: U.S. consumers received fake texts posing as Amazon, alerting them of suspicious account activity or delayed packages.
  • Scammers' Tactics: These texts often prompted recipients to click on malicious links under the guise of resolving the issue.
  • Financial Impact: Contributed to U.S. consumers losing approximately $5.8 billion to fraud in 2021, with a notable portion from imposter scams.

2021: Singapore Bank's Multi-Million Dollar Smishing Loss

  • Incident Overview: A smishing attack targeted a bank in Singapore, leading to S$13.7 million lost across 790 victims.
  • Average Loss Per Victim: Approximately S$17,300 (around $12,800 USD), highlighting the significant per-victim financial impact.
  • Broader Context: The scam underscores the costly nature of smishing, not just in immediate losses but also in reputational damage and potential customer attrition.

2021: The Royal Mail Scam

  • Incident Description: Fraudulent messages, claiming to be from Royal Mail, demanded additional payment to release parcels supposedly held up.
  • Scammers' Tactics: The scam directed victims to enter payment details on a fake website, leading to unauthorized bank withdrawals or purchases.
  • Incident Scale: There was a reported 1,077% increase in Royal Mail-related scam incidents in 2020.

2022: OCBC Bank SMS Phishing

  • Incident Description: Nearly 470 OCBC Bank customers lost at least $8.5 million to SMS phishing, where scammers impersonated the bank in text messages.
  • Scammers' Tactics: The messages contained links to phishing sites designed to steal banking credentials.
  • Financial Impact: Significant losses indicating the high level of sophistication in the scam operations.
  • Bank's Response: OCBC may have issued warnings and potentially reimbursed affected customers, emphasizing the importance of skepticism toward unsolicited banking texts.

2022: BNZ Text Scam Victimizing a Queenstown Woman

  • Incident Description: Savannah Jackson believed she received an SMS from BNZ, prompting her to log in and verify a new device added to her account.
  • Immediate Consequence: Upon entering her bank login details through the link provided, she witnessed unauthorized money transfers, totaling a loss of $42,000.
  • Scammers' Tactics: Utilizing a sense of urgency and legitimacy by mimicking bank alerts.

2022: FTC Scam Report Highlights

  • Report Findings: A sharp increase in victims of text-messaging scams, with losses reaching $330 million, significantly up from $131 million in 2021.
  • Average Loss: The median loss reported by victims was $1,000, doubling the amount from the previous year.

2022: Scammers' Urgency Tactic at JFK Airport

  • Victim's Experience: Alex Nemirovsky lost $49,000 after responding to an urgent scam text about his bank card needing attention before his flight.
  • Scammers' Approach: They crafted a convincing fake banking site complete with the Citibank logo to collect his credentials.
  • Aftermath: Nemirovsky discovered the fraud upon returning, highlighting the dangers of acting on unsolicited texts without verification.

2022: The UPS Text Scam

  • Scam Operation: Fraudulent SMS messages claimed to be from UPS, notifying recipients of package deliveries and requesting action through a provided link.
  • Wider Impact: This scam was part of a larger trend contributing to the $330 million lost to fraudulent texts in 2022, as reported by the FTC.

2023: HMRC Tax Fraud Warning

  • Government Alert: HMRC issued a warning about scam texts and emails targeting Self Assessment customers with fraudulent tax refund offers.
  • Reported Incidents: Over 130,000 reports of tax fraud in the year leading up to September 2023, with a significant focus on fake refunds.

2023: Apple ID Recovery Scam

  • Scam Mechanism: Fraudulent texts alerted recipients to unauthorized access of their iCloud accounts, urging password changes through a fake link.
  • Targeted Information: Aimed to harvest personal and financial information by exploiting fears of account compromise.

How to Protect Yourself from Smishing Attacks

Protecting oneself from smishing attacks is not just about being cautious; it's about being informed and proactive.

Here are some important tips to consider:

  1. Stay Informed: Knowledge is your first line of defense. Regularly educate yourself about the latest smishing tactics and trends. Many organizations and cybersecurity firms publish updates and warnings about new smishing schemes. Also, conduct smishing simulations to help employees understand different smishing attack vectors, monitor their behaviors, and provide the best training for their specific behavior.
  2. Verify the Source: Always be skeptical of unsolicited messages, especially those that ask for personal or financial information. If you receive a message from a bank or any other institution, call the official number on their website (not the one provided in the text) to verify its authenticity.
  3. Avoid Clicking on Suspicious Links: Cybercriminals often use shortened URLs to hide the actual web address in smishing texts. Before clicking on any link, hover over it to see the full URL. If it looks suspicious, do not click.
  4. Use Two-Factor Authentication (2FA): While SMS-based 2FA has vulnerabilities, using app-based 2FA or hardware security keys can add an extra layer of security to your accounts.
  5. Install Antivirus Apps: Just as computers need antivirus software, so do mobile devices. Several reputable antivirus apps are designed for mobile devices, offering protection against malware, phishing sites, and other threats.
  6. Regularly Update Your Device: Ensure your mobile device's operating system and apps are always updated. Manufacturers and app developers frequently release security patches to fix vulnerabilities.
  7. Be Wary of Caller ID Spoofing: Scammers can make it appear like they're calling or texting from a trusted organization. Remember that caller ID can be spoofed, so always verify the sender's identity.
  8. Report Suspicious Messages: If you receive a smishing text, report it to your telecom provider. In the US, for instance, you can forward the text to 7726 (SPAM). Reporting helps telecom companies track and block these malicious numbers.

Keepnet Labs' Pioneering Role in Tackling Smishing Threats

In the fight against smishing, proactive measures are as significant as reactive ones. This is where Keepnet Labs' Smishing Simulator comes into play, offering a comprehensive solution to tackle smishing threats effectively. The platform is designed to address several key areas:

  • Amplified Threat Awareness: Keepnet's Smishing Simulator uses real-world scenarios to train employees across various locations in detecting smishing threats. This hands-on approach ensures that staff are not just theoretically informed but practically prepared to identify and respond to smishing attempts.
  • Streamlined Reporting: One of the most significant challenges in combating smishing is the lack of a streamlined reporting mechanism. Keepnet's security awareness training educates staff about the nuances of smishing threats and provides a unified platform for reporting suspicious activities. This is particularly beneficial for large organizations like hotel chains, where a centralized reporting system is important.
  • Minimized Human Error: Human error is often the weakest link in cybersecurity. By exposing employees to simulated smishing attacks, Keepnet helps reduce the error margin. The simulations are designed to mimic real-world scenarios, making the training as realistic as possible.
  • Fostering Security Culture: Cybersecurity is not just an IT issue; it's an organizational one. Keepnet's regular training sessions aim to create a proactive security culture. Employees become active participants in the cybersecurity strategy, making the system more robust.
  • Regulatory Compliance: With the increasing number of cybersecurity regulations, compliance has become a significant concern for organizations. Keepnet's frequent simulations ensure the organization adheres to various cybersecurity regulations, thereby minimizing legal risks.
  • Efficient Risk Management: Managing human risk is complex, especially for organizations across multiple locations. Keepnet's platform provides a centralized system for managing this risk, offering real-time monitoring and feedback. This ensures continuous improvement and helps in identifying potential areas of concern.
  • Real-time Monitoring: The Smishing Simulator doesn't just stop at training; it goes further by tracking employee behavior during simulations. This real-time monitoring helps identify weaknesses and determine training needs across all locations. The collected data is invaluable for refining future training programs and enhancing the organization's cybersecurity posture.

Next Steps

Don't leave your organization's security to chance. Equip your team with the tools and knowledge they need to combat smishing and other cyber threats effectively.

👉 Start Your Free Trial Today!

Also, watch our YouTube video to discover how our smishing simulator offers robust protection against SMS phishing threats. This tool not only educates but also empowers you to recognize and respond to smishing attempts proactively. Learn the functionalities and benefits of our simulator, designed to enhance your cybersecurity defenses in a practical, engaging way.

Editor's note: This blog was originally published in 2023 but was updated in March 2024.



Schedule your 30-minute demo now

You'll learn how to:
tickInitiate SMS phishing simulations swiftly to elevate your team's defense against Smishing risks.
tickEngage your staff with practical SMS phishing scenarios to sharpen their alertness and readiness.
tickGenerate tailored reports detailing your employees' missteps, identifying precise opportunities for enhancing cybersecurity measures.

Frequently Asked Questions

What is smishing?

arrow down

Smishing, short for "SMS phishing," is a cyberattack method where scammers send deceptive text messages to trick individuals into divulging personal information, financial details, or login credentials.

How prevalent are smishing attacks in recent years?

arrow down

Smishing attacks have significantly risen, with a 328% increase reported in 2020 alone. The growing reliance on mobile communication makes SMS a lucrative channel for cybercriminals.

Are certain countries more susceptible to smishing attacks?

arrow down

While smishing is a global issue, certain countries, like Spain in 2019, faced a higher risk of smishing attacks. The UK also reported a 700% increase in smishing incidents in the first half of 2021.

How much financial damage is caused by smishing attacks annually?

arrow down

In 2019, US consumers alone lost over $86 million due to SMS phishing. The average financial damage from smishing globally is estimated at $800 per individual.

Are telecom companies taking measures against smishing?

arrow down

Major telecom providers are investing in advanced technologies and collaborating with cybersecurity experts to detect and block fraudulent messages, thereby actively working on solutions to combat smishing.

What role do platforms like Keepnet Labs' Smishing Simulator play in combating smishing?

arrow down

Platforms like Keepnet Labs' Smishing Simulator offer hands-on training using real-world scenarios, helping employees detect and respond to smishing attempts. They also provide real-time monitoring streamlined reporting, and foster a proactive security culture.

Are certain demographics more targeted by smishers?

arrow down

While smishing can target anyone, studies in 2022 showed that the Hispanic demographic received fewer spam texts than the White or Black communities. However, everyone should remain vigilant, irrespective of demographics.

Why is it important to educate others about smishing?

arrow down

With the collective effort of staying informed and educating others, we can create a more formidable defense against smishing and other cyber threats, ensuring a safer digital environment for everyone.

What Are the Latest Trends in Smishing Attacks for 2024?

arrow down

The latest trends in smishing attacks for 2024 include using more personalized messages based on harvested data, integrating malicious links that mimic reputable websites, and targeting specific industries such as banking and healthcare with tailored scams. These smishing statistics or trends underscore the importance of staying vigilant and informed about smishing techniques to protect sensitive information.

How Can Individuals and Organizations Protect Against Smishing in 2024?

arrow down

To guard against smishing effectively in 2024, individuals and organizations should adopt a multi-layered approach to cybersecurity. This includes educating employees and the signs of smishing attacks, such as unsolicited personal or financial information requests and suspicious links in text messages. Strong password policies, two-factor authentication, and regular security updates for mobile devices can further mitigate risks. Organizations might also consider investing in SMS phishing detection and response tools to proactively identify and neutralize threats.

What Impact Does Smishing Have on Cybersecurity Measures in 2024?

arrow down

The impact of smishing on cybersecurity measures in 2024 is significant, prompting both private and public sectors to reassess and strengthen their defense strategies. As smishing attacks become more common and sophisticated, there's a growing recognition of the need for advanced threat detection systems to identify and block fraudulent SMS messages. Additionally, the rise in smishing is driving efforts to improve awareness and education on mobile security best practices, highlighting the critical role of informed behavior in preventing such attacks.

Where Can I Find Reliable Smishing Statistics and Reports for 2024?

arrow down

Reliable smishing statistics and reports for 2024 can be found through various authoritative sources. You can get info from this blog. Also, you can get more details from cybersecurity research organizations, government agencies dedicated to cybercrime prevention, and reputable cybersecurity news websites.

iso 27017 certificate
iso 27018 certificate
iso 27001 certificate
ukas 20382 certificate
Cylon certificate
Crown certificate
Gartner certificate
Tech Nation certificate