Smishing, or SMS phishing, is a phishing attack method where scammers send malicious text messages to unsuspecting victims. The intention is to have these users click through a compromised link, download malware onto their devices, or expose their personal information.
Many global users know the dangers of clicking through malicious links in emails. However, only a few know the risks of clicking through links in text messages.
Below, we look at all the newest smishing statistics to give you a holistic view of this budding cybersecurity threat.
Top 6 Smishing Statistics (Editor’s Pick)
- In 2022, 71% of users did not know what “smishing” was.
- Text delivery smishing scams rose by 156% between October and November 2022.
- The prevalence of smishing attacks rose to 76% in 2022.
- In 2022, robotext smishing scammers stole $20.6 billion from victims.
- In Q4 2021, 50% of smishing lures in the UK were themed around parcel or package delivery notifications.
- 38% of Japanese organizations faced 1 to 10 smishing attacks in 2021.
Latest Smishing Statistics
1. In 2022, 71% of users did not know what “smishing” was.
Only 29% knew the meaning of “smishing,” growing 6% from 23% in 2021.
2. 38% of surveyed workers across the US and Europe in 2021 received suspicious text messages.
Meanwhile, 14% clicked a link in a direct message that downloaded malware.
3. 10% of organizations in 2021 experienced between 51 to 100 smishing attacks.
Meanwhile, 23% experienced 1 to 10 attacks, 18% experienced 11 to 25 attacks, and 16% experienced 26 to 50 attacks.
|Frequency of Attacks||Global Average|
|1 - 10||23%|
|11 - 25||18%|
|26 - 50||16%|
|51 - 100||10%|
|Unsure of total||1%|
4. According to the FBI, in 2021, there were 323,972 phishing, vishing, smishing, and pharming victims.
Combined, these victims lost $44,213,707.
Smishing Statistics by Industry
5. In 2022, 32% of surveyed organizations used smishing and vishing simulations in their security awareness training.
74% of organizations had security awareness training in place.
However, only 56% trained everyone in the organization, while 35% used simulations, a significant drop from 41% in 2021.
6. Text delivery smishing scams rose by 156% between October and November 2022.
30% of SMS spam messages sent during Black Friday and the holiday season had phishing intentions.
7. In 2021, 33% of organizations used smishing and vishing simulations in their security awareness programs.
However, regarding actual topic coverage, 26% was allocated to smishing, while email-based phishing took up almost 50% of the security training.
|Topic||Percentage of Coverage|
Smishing Statistics by Frequency
8. In 2021, 96,000 Amazon customers were the target of smishing attacks, making Amazon the most impersonated brand in smishing attacks.
About 6,000 lost up to $27 million in these scams, which could come in the form of text messages claiming that victims had won a free product from Amazon with a malicious link to claim their prize.
9. In 2022, 13% of adults in threat situations downloaded malware through smishing.
Another 18% clicked a phishing link to a fake website, while 11% downloaded malware from a phishing link or site.
10. The prevalence of smishing attacks rose to 76% in 2022.
This represents a 1% growth from 75% in 2021. In comparison, the prevalence of vishing grew to 71%.
|Prevalence of Attacks||2022||2021|
11. 74% of organizations in 2021 experienced smishing attacks.
23% of the attacked US and European companies got 1 to 10 attacks, 34% suffered 11 to 50 episodes, and 16% received over 50 attacks. Only 26% reported not getting attacked.
Smishing Statistics by Demographics
12. In Q4 2021, 50% of smishing lures in the UK were themed around parcel or package delivery notifications.
Meanwhile, in the United States, this lure category was present in about 20% of occurrences.
13. 63.5% of Japanese smartphone users in 2022 did not know or understand the meaning of smishing.
Meanwhile, 7.7% had intricate knowledge about it, 11% knew it to a certain degree, and 17.8% had only heard about the name.
14. 58.3% of Japanese computer users in 2022 did not know or understand the meaning of smishing.
Meanwhile, 9.2% knew about it, 12.9% understood it to a degree, and 19.6% had heard the name before.
Comparatively, more than 20% of UK brands surveyed in the same period faced 50+ smishing, vishing, and social media attacks.
16. 38% of Japanese organizations faced 1 to 10 smishing attacks in 2021.
The table below shows the breakdown of organizations facing various smishing attack frequencies in different countries.
|No. of Attacks||Australia||France||Germany||Japan||Spain||UK||US|
|1 - 10||24%||23%||19%||38%||21%||16%||16%|
|11 - 25||26%||14%||16%||6%||21%||20%||24%|
|26 - 50||22%||26%||18%||10%||5%||19%||13%|
|51 - 100||12%||5%||9%||14%||6%||13%||11%|
|Unsure of total||0||0||4%||4%||0%||10%||1%|
Smishing Statistics by Financial Impact
17. In 2022, robotext smishing scammers stole $20.6 billion from victims.
This accounted for a 105% increase from $10 billion lost by victims in 2021.
18. Scammers were using COVID-19 pandemic texts to scam unsuspecting victims in 2021.
Victims lost $86 million to such and other text scams in the previous year.
19. In 2021, the IRS warned of increased personal information cons by scammers stealing Economic Impact Payments (EIPs).
Scammers would send texts inquiring about bank account details or account information and would include a link to verify this data.
Protect Yourself From Smishing
The statistics above reveal that most of the population still needs to familiarize themselves with smishing. Many are too trusting of text messages and would willingly click unverified links, download malware, or expose their data.
Avoid clicking through unverified text links to protect yourself from becoming a statistic. Additionally, delete messages from any unknown numbers and report any suspicious messages to the necessary authorities.