By: Mosiur Rahaman International Center for AI and Cyber Security Research and Innovation, Asia University, Taiwan
Abstract:
With the reliability of using mobile phones for communication and services, attackers were attracted to targeting this type of device in performing their malicious intents by exploiting vulnerabilities in mobile infrastructure and human behavior. This article highlights the reason why smishing is a growing problem, identifies the global smishing trends, and the global increase in attacks, especially during the COVID-19 pandemic, and the efforts of national legal responses in order to combat this threat. Despite these measures, challenges remain due to mobile security vulnerabilities, phone number spoofing, and user behavior.
Introduction:
In today’s technological advancement, mobile phones have become part and important in daily life. It keeps people connected with others and make several services available [1]. But the convenience it gives does not come without its risks, one of those risk is the smishing, which is a phishing attack where an SMS is used to scam people into giving sensitive information, such as passwords, credit card details, or even personal identification numbers [2].These are specially crafted attacks to leverage trust by spoofing any legitimate organization, group, community, or even family you’re connected to, to trick victims.
Why Smishing is a Growing Problem?
The widespread use of mobile phones and increasing advancement of attackers make it easier to exploit trust and steal sensitive information through deceptive text messages. Smishing becomes the easiest way for hackers to steal data because the user is literally handing the hacker all the information [3]. And since people are increasingly glued to their phones, it’s no surprise that the number of smishing attacks has skyrocketed in recent years.
Proofpoint, a security software company that processes more than 80% of North America’s mobile messages, reported that only 23% of users over 55 had been able to correctly define smishing, but millennials didn’t do much better, as only 34% of people 23-38 years old can demonstrate their awareness of the term [4].
Global Smishing Trends:
Global smishing trends reveal a rapid rise in complex, cross-border attacks that exploit mobile communication platforms to target individuals and organizations worldwide. The 2024 smishing statistics highlight a troubling rise in SMS phishing targeting both individuals and organizations. In 2024, SMS phishing threats continue to evolve. Smishing leverages the widespread use of smartphones and people’s trust in text messaging as a communication tool [5]. Details shown in pie chart in figure 1.

Three of the key smishing statistics in 2024 are the rising trend, which indicates that the smishing attacks surged to 328% in 2020. In just one year, 75% of businesses were targeted by smishing attacks. The second one is the COVID-19 exploitation, 44% of US Americans noticed an uptick in scam phone calls and text messages during the initial two weeks of the nationwide quarantine. The third one is the tax scams. In the UK, 846,000 people reported tax scams involving fake notifications in 2020. The huge rise of smishing attacks in recent years indicates the growing threat to individuals and businesses alike that it poses. The rise in smishing incidents, particularly during the Covid-19 pandemic, highlights the vulnerability of people to scams during times of crisis, the prevalence of targeted attacks, such as tax scams in the UK, demonstrates the widespread and evolving nature of this cyber threat, emphasizing the need for enhanced security measures and awareness to protect against such fraudulent activities [6].
National Legal Responses
National legal responses about smishing have been evolving to address the increasing threat, with countries implementing stricter regulations and penalties to combat fraudulent text message schemes and protect citizens from cybercrimes. Legal authorities always reminding the public to continuously be vigilant against cyberattacks by not being complacent from text messages that the public receives as they recognize that this concern is addressed by data subjects such as the individuals and personal information controllers, which are the legal entities where they need to provide good data privacy practices. Individuals are advised not to click links from services they did not sign up for and exercise caution from clicking shortened links like tinyurl and bit.ly, companies are likewise reminded to protect and apply security controls on their database of personal information collected either physically or electronically [7]. Among the measures that were identified to address the problem was to set up a hub that will centralize complaints, and also the SIM registration scheme, which was designed to limit the options of the criminals and possibly lead to arrest, would increase the risk of the scammers [8].National legal responses to smishing are becoming more robust as countries introduce stricter regulations, penalties, and public awareness campaigns to combat cybercrime. By encouraging vigilance among individuals and businesses.
Challenges in Fighting Smishing:
Fighting smishing really shows significant challenges due to the rapid evolution of attack tactics that the attackers have made, the anonymity of the perpetrators, and the difficulty in effectively enforcing regulations across different borders. First of the three major challenges in mitigating and fighting smishing is the limitations of mobile phones affordances for judging message credibility, this is when people receives text messages on their phones, and then it’s often hard to tell if the message is genuine or scam, second is the characteristics of cellular network infrastructure that made the mobile phone numbers easily spoofed, meaning scammers can make it appear as if the message is coming from a trusted source, like government agency or companies, and the third one is the cognitive and context factors that affects mobile usage where people often feel rushed or distracted when using phones, leading to poor-decision making, for instance someone might quickly click a link in a text messages while multitasking without fully considering that it could lead to a scam or downloading a malware [9].
Conclusion:
The rising threat of smishing reflects a difficult challenge in our new technological era where most people are turning into mobile-dependent people. As attackers become more advanced and can easily exploit vulnerabilities in mobile phone usage and infrastructure, the rise in smishing attacks describes the urgent need for greater awareness and improved security measures. Despite the evolving national legal responses and stricter regulations in order to address these issues, combatting smishing remains a global challenge, and that is due to the limitations of mobile technology, the anonymity of scammers, and the cognitive factors influencing user behavior. To effectively minimize this threat if ever we can’t completely avoid it, it’s crucial for individuals, businesses, and governments to remain cautious on everything, promote better data privacy practices, and continue to strengthen laws and awareness campaigns that protect against these deceptive attacks in order to avoid being fooled by these scammers.
References:
- A. Harris and M. Cooper, “Mobile phones: Impacts, challenges, and predictions,” Human Behavior and Emerging Technologies, vol. 1, no. 1, pp. 15–17, 2019, doi: 10.1002/hbe2.112.
- M. Adlakha, “Mobile Commerce Security and Its Prevention,” in Mobile Commerce: Concepts, Methodologies, Tools, and Applications, IGI Global Scientific Publishing, 2018, pp. 433–449. doi: 10.4018/978-1-5225-2599-8.ch023.
- S. M. DeJong, “Chapter 11 – Recommendations for Professional Use of Social Media, Digital Technology, and the Internet,” in Blogs and Tweets, Texting and Friending, S. M. DeJong, Ed., San Diego: Academic Press, 2014, pp. 125–149. doi: 10.1016/B978-0-12-408128-4.00011-4.
- S. Mishra and D. Soni, “Smishing Detector: A security model to detect smishing through SMS content analysis and URL behavior analysis,” Future Generation Computer Systems, vol. 108, pp. 803–815, Jul. 2020, doi: 10.1016/j.future.2020.03.021.
- “CrowdStrike 2024 Global Threat Report.” Accessed: Feb. 04, 2025. [Online]. Available: https://go.crowdstrike.com/global-threat-report-2024.html?utm_campaign=cao&utm_content=crwd-cao-apj-sea-en-psp-x-wht-gtr-tct-x_x_x_x-x&utm_medium=sem&utm_source=goog&utm_term=global%20threat%20report&cq_cmp=10902423317&cq_plac=&gad_source=1&gclid=CjwKCAiA74G9BhAEEiwA8kNfpQjYgYW84wWN7Z6RD2k6r0UCKLq3c8R9THPWsyZIX7A91eDktow6_xoCq6EQAvD_BwE
- A. F. Al‐Qahtani and S. Cresci, “The COVID‐19 scamdemic: A survey of phishing attacks and their countermeasures during COVID‐19,” IET Inf Secur, vol. 16, no. 5, pp. 324–345, Sep. 2022, doi: 10.1049/ise2.12073.
- G. Sarkar and S. K. Shukla, “Behavioral analysis of cybercrime: Paving the way for effective policing strategies,” Journal of Economic Criminology, vol. 2, p. 100034, Dec. 2023, doi: 10.1016/j.jeconc.2023.100034.
- Je, “Interagency group vows to catch scammers behind smishing, text spams,” National Privacy Commission. Accessed: Feb. 04, 2025. [Online]. Available: https://privacy.gov.ph/interagency-group-vows-to-catch-scammers-behind-smishing-text-spams/
- C. Faklaris, “Mitigating Smishing: Challenges and Future Work,” Jan. 25, 2024, arXiv: arXiv:2401.14520. doi: 10.48550/arXiv.2401.14520.
- Navaneeth J. (2024) The Future of Cyber Defense: Machine Learning and Phishing, Insights2Techinfo, pp.1
Cite As
Rahaman M. (2025) Policy and Legal Frameworks for Combating Smishing: A Global perspective, Insights2Techinfo, pp.1