By: Mosiur Rahaman, International Center for AI and Cyber Security Research and Innovation, Asia University, Taiwan
Abstract:
Smishing is a mobile device attack in which an intruder sends the target text messages containing malicious URLs, phone numbers, or email addresses in order to acquire sensitive user data, including bank account information, passwords, user credentials, credit card information, and more. The intruder instructs the user to click on the link, call the number, or write to the email address provided in the SMS. By examining actual smishing incidents and their impact on communication systems, this article seeks to provide insights into smishing, its prevalence, how it operates, and its consequences for public safety and trust.
Introduction:
An emerging type of cybercrime is smishing. The 2024 State of the Phish report from Proofpoint states that 75% of firms faced smishing attacks in 2023 [1].
Scammers are always trying to collect your personal information. After obtaining it, they can spend your money, damage your credit, and steal your identity. Scammers are using increasingly sophisticated strategies, even though methods like dumpster diving are still employed to obtain private data. In one such strategy, the attacker uses a phone call to trick the receiver into revealing confidential data, with the purpose of harming them. For example, an individual may receive a call claiming to be from their bank’s contact center outside of regular working hours. The attacker may exploit the information acquired to commit crimes such as identity theft. Targeted individuals are typically tricked into disclosing personal information through web forms [2].
What is Smishing?
A social engineering tactic known as “smishing” employs fraudulent mobile text messages to fool users into installing malicious software, disclosing private information, or transferring money to scammers on the internet. Smishing is a composite word that combines the terms “phishing” with “SMS,” or short messaging service, which refers to the technology used to transmit text messages [3].
A number of factors are responsible for the increase in smishing. One reason is that the scammers who carry out these attacks, also referred to as “smishers,” are aware that victims are more likely to click on text messages than on other links. In the meantime, other phishing methods, such as emails and phone calls, have had some difficulty reaching their targets due to improvements in spam filters [4].
How Does Smishing Work?
Smishing works by sending a text message that looks like it came from a reliable source such as a bank, government organization, delivery service, or social media site. The message may include a phone number, a website link, or a request for personal information. A smishing attack follows the basic steps shown in Fig. 1:
- Generating Messages: Scammers write a message that impersonates a legitimate business. For example, it may pose as a bank alerting the recipient to questionable activity on their account.
- Delivering Messages: Bulk SMS services are used to send the messages to targets. These notifications frequently carry convincing source IDs and look legitimate.
- Target Interactivity: The target replies with confidential data or clicks on the given link. The URL can start a download of malicious code or redirect to a phishing website.
- Data Gathering: The attacker installs malicious software or gathers the target’s account information for use in further harmful activities.
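The traits described above (an impersonated sender, a link, number or address to act on, and pressure to respond) can be checked mechanically when triaging reported texts. The following Python code is an added example, not part of the original article; the cue lists, the score threshold and the sample messages are assumptions constructed for illustration.

```python
import re

# The three contact vectors the article names: URLs, phone numbers, e-mail addresses.
URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.I)
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
PHONE_RE = re.compile(r"(?<![\w/.])\+?\d[\d\s().-]{7,}\d(?!\w)")

# Assumed, illustrative cue lists; tune them against real traffic.
CUES = {
    "impersonation": ("bank", "account", "parcel", "delivery", "tax"),
    "urgency": ("urgent", "immediately", "suspended", "verify", "within 24"),
    "call_to_action": ("click", "call", "reply", "tap", "log in"),
}

def _has_cue(words, text):
    # Whole-word match so that "tax" does not fire on "taxi".
    return any(re.search(r"\b" + re.escape(w) + r"\b", text) for w in words)

def triage(sms):
    """Extract contact indicators and score one SMS body for analyst review."""
    urls = URL_RE.findall(sms)
    rest = URL_RE.sub(" ", sms)              # keep URL digits out of phone matching
    emails = EMAIL_RE.findall(rest)
    phones = PHONE_RE.findall(EMAIL_RE.sub(" ", rest))
    text = rest.lower()
    signals = {name: _has_cue(words, text) for name, words in CUES.items()}
    signals.update(url=bool(urls), phone=bool(phones), email=bool(emails))
    has_vector = bool(urls or phones or emails)
    score = sum(signals.values())
    # A cue alone is not enough: the message must also carry a way to act on it.
    return {"urls": urls, "phones": phones, "emails": emails,
            "score": score, "suspicious": has_vector and score >= 3}

# Constructed sample messages (reserved .example names and 555-01xx numbers).
SAMPLES = [
    "ExampleBank alert: unusual activity on your account. "
    "Click http://examplebank-secure.example/login to verify immediately.",
    "Your parcel is on hold. Call +1 (555) 010-0199 within 24 hours "
    "to reschedule delivery.",
    "Tax refund pending. Reply with your card details to "
    "refunds@tax-office.example",
    "Your parcel was delivered today.",
    "Hi, running 10 minutes late, see you at the cafe.",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        result = triage(sms)
        print(result["suspicious"], result["score"], sms[:40])
```

A legitimate notification that contains a link will also score here, so the result is a queue priority for a human reviewer rather than a verdict.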

Key Reasons for the Prevalence of Smishing:
There are several reasons; the primary ones are explained below and shown in detail in Fig. 2:
- Mobile Device Universality: With more than 6 billion smartphone users worldwide, intruders have a large pool of potential targets.
- Poor Skills: Many users are unaware of smishing threats or do not know how to spot fake messages.
- Lack of Security: Because SMS is not a communication medium with strong security procedures, it is more vulnerable to attack by malicious actors.
- Faster Response: Mobile users are used to reacting to messages very quickly, frequently without verifying their authenticity.

Conclusion:
In the digital era, smishing is a serious and growing risk that targets SMS, the most popular and reliable communication tool. Individuals and organizations can take preventative steps to reduce risks by being aware of its mechanics and effects. Education, technology, and legislation need to work together to protect mobile users from these threats. Preventing smishing and other new cyberthreats requires staying aware and alert as the digital environment changes. Further research could examine whether weaknesses are linked to particular cell phone operating systems, and whether the level of phishing vulnerability corresponds with the mobile network provider.
Reference:
- “What Is Smishing (SMS Phishing)? | IBM.” Accessed: Dec. 02, 2024. [Online]. Available: https://www.ibm.com/topics/smishing
- T. Sasi, A. H. Lashkari, R. Lu, P. Xiong, and S. Iqbal, “A comprehensive survey on IoT attacks: Taxonomy, detection mechanisms and challenges,” Journal of Information and Intelligence, Dec. 2023, doi: 10.1016/j.jiixd.2023.12.001.
- M. N. B. Haizam and N. H. binti N. Zulkipli, “Analysing The Impact of Smishing Attack in Public Announcement System on Mobile Phone,” Procedia Computer Science, vol. 245, pp. 1165–1174, Jan. 2024, doi: 10.1016/j.procs.2024.10.346.
- S. Mishra and D. Soni, “DSmishSMS-A System to Detect Smishing SMS,” Neural Comput & Applic, vol. 35, no. 7, pp. 4975–4992, Mar. 2023, doi: 10.1007/s00521-021-06305-y.
- Kasa A.S. (2024) AI Based Methods for Identifying Phishing Methods, Insights2Techinfo, pp.1
Cite As
Rahaman M. (2025) Understanding Smishing: An Introduction to Mobile Phishing Threats in the Digital Age, Insights2Techinfo, pp.1