20 Smishing Statistics To Know in 2023

Throughout the years, hackers have come up with numerous ways to extract sensitive information from other users. Smishing is one of those methods. It involves sharing links to phishing websites via SMS.

Here’s how it works:

You receive a message with a link saying there’s an issue with your PayPal or Amazon account, for example. However, these websites are actually duplicates designed to steal your credentials. Once you type them, the hackers gain access to your real account.

So, how often do these attacks take place and how dangerous are they? Let’s have a look at these smishing statistics to find out!

Contents

Unreal smishing statistics

Before we discuss each fact individually, here are the ones that really stand out:

  • Less than 35% of people are familiar with smishing.
  • In April 2022, hackers sent an average of 2,649,564,381 smishing messages per week.
  • In 2020, American consumers lost over $86 million in such scams.
  • 74% of organizations experienced a smishing attack in 2021.
  • A Singaporean bank lost about $10 million in one such attack.

General smishing statistics

Smishing attacks have been devastating in recent years. The following  stats paint a convincing picture:

1. Less than 35% of people know what smishing is.

(Source: Proofpoint)

Proofpoint conducted a study showing that less than 35% of the population is familiar with smishing. Among those between the ages of 23 and 38, 34% were able to define it correctly. Furthermore, only 22% of participants aged between 18 and 22 knew what this type of attack is.

Data on the recognition of the word smishing

2. 63.5% of Japanese smartphone users neither know the name nor the meaning of smishing.

(Source: Statista)

According to a 2022 study, the majority of Japanese smartphone users have never heard about smishing. For those who don’t know, the term is a combination of the words “SMS” and “phishing.”

3. Hackers sent 2,649,564,381 smishing messages per week in April 2022.

(Source: Finextra)

Smishing stats show this type of attack happens more often than people realize. Just in April 2022, hackers sent 2,649,564,381 smishing messages every week. Additionally, 378,509,197 spam SMS messages were sent per day that same month.

4. 16.92% of participants in a 2023 study fell for a smishing attack.

(Source: ResearchGate)

A 2023 CODASPY study showed that users are quite likely to fall for this attack. In the first go, 16.92% of users clicked on the link in the message. Moreover, when the conductors sent another text, 12.82% of participants made the same mistake.

5. In 2020, consumers in the US lost over $86 million in smishing scams.

(Source: Consumer Sentinel Network)

The CSN annual data book revealed that Americans lost a large amount of money to these scams. On top of that, there were 334,524 reports about them in 2020.

6. Smishing attacks have increased by 328% in Q3 2020 alone.

(Source: Proofpoint)

Proofpoint processes over 80% of mobile messages sent in North America. The company has reported a significant jump in smishing attempts in Q3 2020. In that time span, hackers impersonated financial institutions, tech companies, and content providers.

7. In the UK, smishing attacks grew by 700% in the first half of 2021.

(Source: Which?)

Smishing attempts have seen a substantial increase in the UK in the past few years. Experts believe hackers are taking advantage of new shopping trends that emerged due to the COVID-19 pandemic. For example, they usually target people getting deliveries.

8. Women and users between the age of 18 and 25 are more susceptible to smishing.

(Source: ARXIV)

According to a recent ARXIV study, some people are more prone to smishing attacks than others. Hackers had a higher success rate when targeting women and participants aged 18 to 25.

9. 1 in 20 COVID-19 SMS messages was a smishing attempt.

(Symantec)

It was inevitable cybercriminals would try to use COVID-19 to get their hands on user data. In 2020, from January to early March, only 1 in 500 pandemic-related messages were described as risky. But later in March, roughly 5% of messages were smishing scams or a similar high-risk scheme.

Business smishing statistics

In this section we’ll check out how often companies face attacks through text messages:

10. 74% of organizations reported experiencing a smishing attack in 2021.

(Source: IBM)

Hackers who use smishing don’t only target individuals. They often try to steal information from companies via the same techniques. Almost three-quarters of organizations experienced such an attack in 2021. This also marked a 13% increase from 2020.

11. 32% of companies say they offer smishing and vishing training options.

(Source: Proofpoint)

Not that many companies offer training options for smishing and vishing (phone calls and voice messages). This makes it obvious that awareness about these attacks isn’t high enough.

12. Government employees and farming, fishing, and forestry employees have the highest potential smishing success rate (25%).

(Source: ARXIV)

An ARXIV study tested the impact of user profiles on smishing success rate. It suggests that employees in the government and farming, fishing, and forestry fields are most likely to fall victim. The study also included technicians, none of whom fell for the scam.

Spam texts statistics

If you want to stay safe, differentiating between genuine and spam messages is important. Otherwise, you may end up handing your sensitive data to cybercriminals. Let’s take a better look at the numbers:

13. 65% of Americans would delete an SMS from an unknown sender.

(Source: Truecaller)

Awareness is the key to not becoming a victim of smishing. If you know that text messages from unknown senders are a risk, you probably won’t open them. More than half of Americans said they would instantly delete an SMS from unknown senders.

14. In 2021, 82% of people said they recently received a suspicious message over text and other means of communication.

(Source: Ofcom)

Scammers are always looking for potential victims. Therefore, it doesn’t come as a surprise that more than 8 in 10 people said they got suspicious messages.

15. In 2021, 58% of Americans said they’re receiving more spam texts than they did in 2020.

(Source: Truecaller)

The number of spam calls and texts is increasing every year. According to a 2021 study, 3 in 5 people in the US confirmed this. Only 14% of the respondents said they received fewer messages.

16. Americans received 44% more spam texts and calls during the first two weeks of the COVID-19 quarantine period.

(Source: SafetyDetectives)

Scammers like to use stressful situations to make users reveal their data. That’s why they took their chance during the first two weeks of the nationwide quarantine period in the US. 

Cybercriminals pretended to be the Federal Communications Commission (FCC) and other major institutions in text messages.

17. Only 18% of participants in a study were able to recognize fake emails and SMS messages.

(Source: Tessian)

Lloyd TSB carried out a study that revealed only a small percentage of people can identify a fake message. Participants were given 20 emails and texts. Their task was to identify the 10 inauthentic ones.

Recent smishing attacks statistics

Earlier, we’ve seen there have been more and more smishing attacks in the last couple of years. Let’s look at some of the most recent campaigns against large enterprises:

18. A Singaporean bank lost about $10 million in a smishing scam.

(Source: Tech Wire Asia)

Smishing attacks rocked the island nation at the end of 2021 and the start of 2022. Hackers managed to steal SGD$ 13.7 million from 790 users. This amounts to about $10 million USD. 

Furthermore, smishing stats on recent scams show that this is one of the biggest ones in this category.

19. In 2020, the Bank of Ireland had to reimburse €800,000 to 300 customers after a smishing scam.

(Source: The Irish Times)

In 2020, scammers tricked users via SMS into believing they’re the Bank of Ireland. They sent official-looking mobile phone texts and stole account information from as many as 300 clients.

After a public backlash, the bank had to reimburse customers with a total sum of €800,000.

20. Hackers stole $100,000 from Fifth Third Bank clients through a smishing campaign in 2018.

(Source: KrebsonSecurity)

In this attack, hackers sent users messages saying their bank accounts got locked and asked them to log in. They also included a link to their phishing site to steal their credentials. Finally, they ended up withdrawing about $100,000 from ATMs across the US.

Shortly after, the authorities arrested four men in connection to the attack.

Wrap up

Smishing has emerged as a major security threat and it’s alarming how many people aren’t aware of it. As long as you use a mobile phone, you should be able to identify spam texts and avoid opening them.

As shown by the smishing statistics above, there’s no doubt we’ll see more such attempts from scammers. No one can protect phone owners but themselves.

Sources:

  1. Proofpoint
  2. Statista
  3. Finextra
  4. ResearchGate
  5. Consumer Sentinel Network
  6. Proofpoint
  7. Which?
  8. ARXIV
  9. Symantec
  10. IBM
  11. Proofpoint
  12. ARXIV
  13. Truecaller
  14. Ofcom
  15. Truecaller
  16. SafetyDetectives
  17. Tessian
  18. Tech Wire Asia
  19. The Irish Times
  20. KrebsonSecurity