Research

Smishing Attacks: How Cyber Criminals Target Your Phone

By: Gonipalli Bharath, Vel Tech University, Chennai, India, International Center for AI and Cyber Security Research and Innovations, Asia University, Taiwan, Gmail: gonipallibharath@gmail.com

Abstract:

Smishing, derived from the word “SMS phishing,” refers to cyberattacks that use text message to trick people into disclosing confidential data. This paper looks into the concept of smishing, its increasing prevalence, and the techniques utilized by hackers. It also discusses practical techniques to combating smishing while guaranteeing the security of both financial and personal data.

Introduction:

Mobilization turned out to be one of the most efficient methods of communication. On the other hand, it has opened new doors to cyber criminals. Smishing is an attack that acts using trust through their legitimate looking messages and then then attacks their victims’ devices with malware or steals their login credentials and other sensitive financial data. Due to the ever-rising incidents of smishing, awareness and education about how such attacks happen and preventive measures are vital.

Visualizing an SMS Phishing (Smishing) attack: A step-by-step illustration fig [[1]]

Literature Survey:

  • Overview of Smishing Attacks:

The increasing use of mobile communication has increased the rate of cyberattacks, and smishing is one of the most common forms of SMS-based phishing attacks. Smishing takes advantage of the trust users have in text messages and their fast, often unverified, response to SMS requests, users are more likely to trust SMS over email, making smishing a more effective attack vector for cybercriminals [[2]].

  • Psychological Tactics in Smishing:

Smishing attacks are very much characterized by the use of social engineering techniques. Attackers use urgency, fear, and curiosity to make victims do certain things. Most messages, claiming to come from banks, e-commerce websites, or even government agencies, provoke urgent actions that may make users disclose personal information or click on malicious links [[3]].

  • Technological Detection Methods:

Natural language processing (NLP) and machine learning are two advanced detection techniques that are becoming more popular in the fight against smishing assaults. An NLP-based classifier was proposed with high accuracy rate in identifying suspicious SMS trends [[4]]. Similarly, AI-powered spam filters that dynamically learn to respond to the constantly changing landscape of smishing techniques with scalable defense against such threats affecting telecom operators and end-users [[5]].

  • User Awareness and Education:

Awareness campaigns have been an essential part of reducing incidents of smishing. Workshops and digital literacy programs greatly reduce user susceptibility to smishing. Most of the attacks can be prevented by simply educating users to check for link verification and phishing red flags [[6]].

  • Cooperative Efforts and Legislative Steps:

Smishing countermeasures require the collaboration of telecom carriers, cybersecurity organizations, and law enforcement agencies. The need for stringent legal frameworks that will force telecom carriers to report incidents of smishing and also ensure severe punishments for hackers [[7]].

  • Practical Countermeasures:

MFA has been considered one of the major strategies to reduce the risk of unauthorized access to sensitive data. the use of AI-driven spam filters in messaging applications, which can block phishing attempts in real time [[8]].

Methodology:

Proposed methodologies to understand and combat smishing:

Identifying Patterns:

  • Collect smishing messages.
  • Analyze shared themes and psychological tricks employed by attackers.

Detection Mechanisms:

  • Machine learning algorithms for suspicious text content pattern detection.
  • Use NLP for message content analysis.

Awareness Campaigns:

  • Educate citizens on awareness of attempted smishing.
  • Provide simple guidelines for SMS usage.

Technological Solutions:

  • Include spam filters and anti-virus in the messaging application.
  • Telecom operators should block bad numbers.

Conclusion:

Smishing is a significant cyber threat owing to the instigation of trust as well as naivety within a mobile user. To counter this risk, detection systems should be advanced in development alongside those already built around such complaints, and the users be exposed to awareness on the matter. The more the involvement of individuals or organizations or even telecom providers, the more safety can be assured in the digital ecosystem.

References:

  1. Al Hwaitat, Ahmad K., Hussam N. Fakhouri, Moatsum Alawida, Mohammed S Atoum, Bilal Abu-Salih, Imad K. M. Salah, Saleh Al-Sharaeh, and Nabil Alassaf. “Overview of Mobile Attack Detection and Prevention Techniques Using Machine Learning.” International Journal of Interactive Mobile Technologies 18, no. 10 (May 15, 2024): 125–57. https://doi.org/10.3991/ijim.v18i10.46485.
  2. Alabdan, Rana. “Phishing Attacks Survey: Types, Vectors, and Technical Approaches.” Future Internet 12, no. 10 (October 2020): 168. https://doi.org/10.3390/fi12100168.
  3. Joo, Jae Woong, Seo Yeon Moon, Saurabh Singh, and Jong Hyuk Park. “S-Detector: An Enhanced Security Model for Detecting Smishing Attack for Mobile Computing.” Telecommunication Systems 66, no. 1 (September 1, 2017): 29–38. https://doi.org/10.1007/s11235-016-0269-9.
  4. Joshi, Sandeep, Amit Kumar Bairwa, Milena Radenkovic (Computer scientist), and Anton Pljonkin. Cyber Warfare, Security and Space Computing: Second International Conference on Cyber Warfare, Security and Space Computing, SpacSec 2024, Jaipur, India, February 22–23, 2024, Proceedings. Springer Nature, 2025.
  5. Rajeev, Kumar, Srivastava Saurabh, and Elngar A Ahmed. Effective Strategies for Combatting Social Engineering in Cybersecurity. IGI Global, 2024.
  6. Schreider, Tari. Cybersecurity Law, Standards and Regulations, 2nd Edition. Rothstein Publishing, 2020.
  7. Siddiqi, Murtaza Ahmed, Wooguil Pak, and Moquddam A. Siddiqi. “A Study on the Psychology of Social Engineering-Based Cyberattacks and Existing Countermeasures.” Applied Sciences 12, no. 12 (January 2022): 6042. https://doi.org/10.3390/app12126042.
  8. Tayyab, Muhammad, Khizar Hameed, Majid Mumtaz, Syeda Mariam Mariam Muzammal, Poornima Mahadevappa, and Aleena Sunbalin. “AI-Powered Threat Detection in Business Environments: Strategies and Best Practices.” In Generative AI for Web Engineering Models, 379–436. IGI Global Scientific Publishing, 2025. https://doi.org/10.4018/979-8-3693-3703-5.ch018.
  9. AlZu’bi, S., Shehab, M., Al-Ayyoub, M., Jararweh, Y., & Gupta, B. (2020). Parallel implementation for 3d medical volume fuzzy segmentation. Pattern Recognition Letters, 130, 312-318.
  10. Stergiou, C. L., Plageras, A. P., Psannis, K. E., & Gupta, B. B. (2020). Secure machine learning scenario from big data in cloud computing via internet of things network. Handbook of Computer Networks and Cyber Security: Principles and Paradigms, 525-554.
  11. Rahaman M. (2025) Policy and Legal Frameworks for Combating Smishing: A Global perspective, Insights2Techinfo, pp.1

Cite As

Bharath G. (2025) Smishing Attacks: How Cyber Criminals Target Your Phone, Insights2Techinfo, pp.1

82580cookie-checkSmishing Attacks: How Cyber Criminals Target Your Phone
Post Views: 23
Share this:

Leave a Reply

Your email address will not be published.