Smishing Statistics: The Menace of SMS-based Phishing Attack

Aditya Rayaprolu
close Aditya Rayaprolu

Updated · May 27, 2023

Aditya Rayaprolu

Joined February 2023

As a cloud architect at McKinsey with experience handling Fortune 500 clients, this individual has c... | See full bio


Techjury is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more.

Smishing is a form of data theft similar to phishing; more than 3.5 billion mobile phone users receive these messages daily. This targets those who use smartphones and mobile phones, including bank customers. 

Around 76% of organizations were targeted by smishing attacks. Furthermore, only around 22% of people aged 18–22 can define smishing and its consequences. 

Get to know why smishing is gaining popularity with these latest smashing statistics below.

Editor’s Choice

  • Smishing attacks boosted by 700% in the first six months of 2021.
  • Threat actors posing as postal delivery companies sent 53.2% of reported scam text messages.
  • Individuals clicking SMS-based links are between 8.9 percent and 14.5 percent.
  • U.S. phone users received more than 87 billion spam texts in total.
  • Losses amounted to $86 million in 2020.
  • Consumers lost more than $10 billion because of spam texts in 2021.
  • Roughly 14,000 smishing complaints were received in 2020.
  • Around 47 billion spam texts have been sent so far in 2021.
  • Only 23% of users were able to define smishing correctly.
  • The Bank of Ireland paid 800,000 Euros to over 300 customers who had fallen victim to smishing.

How Common Is Smishing?

Smishing increased by 13% in 2021, where 74% of organizations experienced it due to text messaging existing as an everyday communication channel.

While providing specific statistics on the prevalence of smishing attacks is challenging for individuals and businesses, staying alert and embracing security measures for this cyber threat are essential.

Read on to get information about these reports that shed light on smishing attacks' evolving nature.

Smishing Reports Statistics

According to the latest statistics, smishing attacks have detected an unimaginable increase of 24% in the U.S. alone. Over the previous year, it has been critical for individuals to stay vigilant in protecting themselves from this danger.

As the reliance on and use of mobile phones for communication continue to increase, educating users about the telltale signs of smishing is critical.

Smishing attacks skyrocketed, requiring immediate and urgent measures to avoid this inescapable cyber threat.

1. Smishing attacks boosted by 700% in the first six months of 2021.

(IT Pro)

In 2021, there was an increasing amount of smishing attacks, leading to an alarming surge of 700% for the first six months of the said year. This boost is due to attackers finding it an opportunity to exploit.

Also, the improvement in technology made it easier for attackers to send text messages all at once, boosting the efficiency and spread of their operation.

This disturbing craze highlights the significance of user vigilance and robust security procedures against cyber threats.


Smishing hackers know that individuals are likely to click on a link sent as a text message (SMS), allowing access to the recipient’s device.

Besides, one of the reasons is that the link seems to come from a trusted source, which creates a false sense of security, leading the recipient to click on it without giving it much thought.

The report mentioned that text message click-through rates range from 8.9% to 14.5%.

3. Roughly 14,000 smishing complaints were received in 2020.


The Federal Communications Commission received 14,000 smishing complaints, up 146% from the prior year.

These are unwanted text messages sent to Latinos when the COVID-19 pandemic started. They were about getting the recipient’s personal and banking information to receive help from an organization or government.

The Spanish-speaking community reported these text messages and called El Concilio, a pop-up vaccination clinic, to confirm if they were legitimate.

Smishing Damage and Loss Statistics

Smishing led to consequential damage and monetary loss for individuals and businesses. Cybercriminals manipulate the widespread use of technology and people's trust in the elements of a text message.

The statistics smear a grim picture of people losing millions of dollars to scammers. It involves fooling individuals into disclosing their personal information and luring them to click on links that can hack a device.

In the following section, the data will show the incidents of businesses and individuals concerning smishing and its loss.

4. Losses amounted to $86 million in 2020.


In 2020, a loss of $86 million was incurred due to smishing. Scammers saw it as a chance to fool helpless people during the COVID-19 pandemic. They sent fraudulent text messages, pretending to be an organization offering COVID-19 relief assistance, including a link to claim the package.

The impact of this attack was significant, as the messages targeted individuals seeking financial aid and support during the pandemic.

This occurrence led to financial losses and a loss of trust and confidence in the relief efforts, leaving authorities suffering the consequences of these fraudulent activities.

5. Consumers lost more than $10 billion because of spam texts in 2021.

(Consumer Reports)

Individuals lost over $10 billion in 2021 when approximately 8.7 billion spam texts were sent to U.S. phone numbers.

It took a financial toll on consumers as the unsolicited and deceptive text messages targeted them, unsuspecting individuals, as they fell victim to fraudulent schemes, bogus offers, and malicious links.

Cybercriminals manipulate these individuals’ vulnerability regarding telecommunication, taking advantage of the situation and getting access to their personal information.

6. The Bank of Ireland paid 800,000 Euro to over 300 customers who have fallen victim to smishing.

(The Irish Times)

The fraudsters imitated a legitimate entity to mislead individuals into disclosing their sensitive and personally identifiable information, resulting in a loss of 800,000 euros.

They successfully conned many Bank of Ireland customers into exposing their bank details and approving transactions, leading to a substantial payout by the bank.

This incident emphasizes the rising menace of smishing and the weakness that individuals encounter in today’s world. It acted as a reminder for people to remain observant of fraud and to adopt safety measures even when reading text messages.


Smishing statistics are vital to comprehending how smishing attacks work and their associated trends and impacts. By examining these, individuals can improve their security measures, determine powerless circumstances, and develop effective countermeasures.

Moreover, these can help enable self-defense strategies to create a safer digital environment for all ages by continuously monitoring how this horrific trend can end.


Does less than 35% of the population know what smishing is?

Yes, SMS scams look different and are more challenging to detect.

Why are smishing attacks successful?

It is successful because there is no effective filter for SMS messages compared to emails.

What is the accuracy of smishing?

According to the result of an experiment, smishing has an accuracy of 96.4%.

What is the impact of smishing?

Once cybercriminals access your personal information, they can commit identity fraud and have a long-term impact on your financial well-being and credit score.


Aditya Rayaprolu

Aditya Rayaprolu

As a cloud architect at McKinsey with experience handling Fortune 500 clients, this individual has comprehensive expertise in cutting-edge technologies and tools such as cloud computing, virtualization, network security, data storage, and disaster recovery. They have a wealth of experience in creating and executing virtualization solutions for both on-premise and cloud-based systems, with a primary focus on enhancing efficiency, dependability, and security.

Leave your comment

Your email address will not be published.