Smishing Attacks in the Age of Mobile Phones: A Growing Cybersecurity Concern

By: Gonipalli Bharath, Vel Tech University, Chennai, India & International Center for AI and Cyber Security Research and Innovations, Asia University, Taiwan, Gmail: gonipallibharath@gmail.com

Abstract:

The ever-increasing, exponential growth in the use of mobile phones worldwide has indeed forced cybercriminals to quickly adapt their techniques and exploit this pervasive technology. Smishing is one form of phishing through SMS that has emerged as a serious cybersecurity threat. This paper discusses the mechanisms of smishing attacks, the rise in smishing incidents, possible impacts on individuals and organizations, and appropriate mitigation strategies. Understanding the ever-changing tactics of cybercriminals will help users and security professionals alike in better protecting sensitive data in the mobile-first era.

Introduction:

In modern times, mobile phones are becoming an important gadget for communication, banking, shopping, and even accessing confidential information. This convenience also entails the increased risk of cybersecurity. Smishing, coined from “SMS” and “phishing,” is a fraudulent action whereby attackers send messages to unsuspecting victims to steal their passwords, credit card numbers, and social security numbers[^[1]].

Understanding Smishing Attacks

Smishing attacks involve fraudulent messages that are aimed at deceiving the recipient to perform certain actions, which have some implications on security. Most of the smishing attacks present themselves as actual messages from organizations like banks, government agencies, and well-recognized companies. Most of them use urgency in nature, telling the recipient to click on some links, download some attachments, or call their customer service. Attackers will make such messages convincing by employing social engineering and psychological manipulation in order to elicit sensitive information from unsuspecting people [^[2]].

The Rising Attack Surface of the Threat Landscape

Smishing attack cases increased simply because the amount of people started depending more on their mobiles for all professional and personal dealings. While making smartphones central to life’s actions, the potential target value they offer is undeniable to active cybercriminals. The reason why the attack surface is enlarging includes increased usage of mobile phones, limited user awareness related to SMS scams, and dynamically changing tactics used by the attackers. The methods have become more sophisticated, including personalized messages and exploiting current events to increase the rate of successful attacks[^[3]].

Impact of Smishing Attacks

The aftermath of being a victim of smishing attacks is devastating. People may lose financially through unauthorized transactions and may be victims of personal information theft which may further lead to identity theft. Further fraud can be committed with this stolen information, accounts opened in the victim’s name, or even sold on the dark web. Smishing attacks could lead to serious reputational consequences, legal liability, and even financial losses if employees unwittingly reveal corporate information. It has a great psychological impact on victims, which results in stress and loss of trust in digital communication[^[4]].

Mitigation Strategies

Smishing attack risks are to be mitigated by using multi-layered strategies. It is about user education, training users on which messages could be suspicious and not to click on links that are not well known. Additionally, 2FA introduces one more layer of security, which will make it difficult for attackers to get unauthorized access, even with compromised credentials. Advanced spam filters and security software can help in the detection and blocking of such messages even before the user receives them. Besides, reporting suspicious SMS to the relevant authorities can help in tracking and reducing the prevalence of smishing attacks[^[5]].

Conclusion:

As mobile technology continues to get better, so too do cybercriminals change their means continuously. Smishing attacks are fast becoming a full-fledged part of cybersecurity. Combating the issue requires all aspects: knowledge, technological barrier, and finally, being proactive in relation to security measures. By simply being aware, informed, and watchful, one can very well minimize becoming victims of this devious deceit.

References:

1. Clasen, Max, Fudong Li, and David Williams. “Friend or Foe: An Investigation into Recipient Identification of SMS-Based Phishing.” In Human Aspects of Information Security and Assurance, edited by Steven Furnell and Nathan Clarke, 148–63. Cham: Springer International Publishing, 2021. https://doi.org/10.1007/978-3-030-81111-2_13.
2. Haizam, Mohamad Nurhafiz Bin, and Nurul Huda binti Nik Zulkipli. “Analysing The Impact of Smishing Attack in Public Announcement System on Mobile Phone.” Procedia Computer Science, 9th International Conference on Computer Science and Computational Intelligence 2024 (ICCSCI 2024), 245 (January 1, 2024): 1165–74. https://doi.org/10.1016/j.procs.2024.10.346.
3. Kumarasinghe, Prasadi, Dushan Dissanayake, Prarthana Gamage, and Gamage Upeksha Ganegoda. “User Behavior Analysis in Determining the Vulnerable Category of Vishing and Smishing.” In 2023 5th International Conference on Advancements in Computing (ICAC), 35–40, 2023. https://doi.org/10.1109/ICAC60630.2023.10417682.
4. “Model For Mitigating Smishing Attacks On Mobile Platforms | IEEE Conference Publication | IEEE Xplore.” Accessed February 1, 2025. https://ieeexplore.ieee.org/abstract/document/9698789.
5. Ustundag Soykan, Elif, and Mustafa Bagriyanik. “The Effect of SMiShing Attack on Security of Demand Response Programs.” Energies 13, no. 17 (January 2020): 4542. https://doi.org/10.3390/en13174542.

6. Max Clasen, Fudong Li, and David Williams, “Friend or Foe: An Investigation into Recipient Identification of SMS-Based Phishing,” in Human Aspects of Information Security and Assurance, ed. Steven Furnell and Nathan Clarke (Cham: Springer International Publishing, 2021), 148–63, https://doi.org/10.1007/978-3-030-81111-2_13. ↑

7. Model For Mitigating Smishing Attacks On Mobile Platforms | IEEE Conference Publication | IEEE Xplore,” accessed February 1, 2025, https://ieeexplore.ieee.org/abstract/document/9698789. ↑

8. Mohamad Nurhafiz Bin Haizam and Nurul Huda binti Nik Zulkipli, “Analysing The Impact of Smishing Attack in Public Announcement System on Mobile Phone,” Procedia Computer Science, 9th International Conference on Computer Science and Computational Intelligence 2024 (ICCSCI 2024), 245 (January 1, 2024): 1165–74, https://doi.org/10.1016/j.procs.2024.10.346. ↑

9. Elif Ustundag Soykan and Mustafa Bagriyanik, “The Effect of SMiShing Attack on Security of Demand Response Programs,” Energies 13, no. 17 (January 2020): 4542, https://doi.org/10.3390/en13174542. ↑

10. Prasadi Kumarasinghe et al., “User Behavior Analysis in Determining the Vulnerable Category of Vishing and Smishing,” in 2023 5th International Conference on Advancements in Computing (ICAC), 2023, 35–40, https://doi.org/10.1109/ICAC60630.2023.10417682. ↑

11. Deveci, M., Pamucar, D., Gokasar, I., Köppen, M., & Gupta, B. B. (2022). Personal mobility in metaverse with autonomous vehicles using Q-rung orthopair fuzzy sets based OPA-RAFSI model. IEEE Transactions on Intelligent Transportation Systems, 24(12), 15642-15651.
12. Lv, L., Wu, Z., Zhang, L., Gupta, B. B., & Tian, Z. (2022). An edge-AI based forecasting approach for improving smart microgrid efficiency. IEEE Transactions on Industrial Informatics, 18(11), 7946-7954.
13. Brijith A. (2023) Real-time Anomaly Detection, Insights2Techinfo, pp.1

Cite As

Bharath G. (2025) Smishing Attacks in the Age of Mobile Phones: A Growing Cybersecurity Concern, Insights2Techinfo, pp.1

830800cookie-checkSmishing Attacks in the Age of Mobile Phones: A Growing Cybersecurity Concernyes