SMS Phishing as the Preferred Choice of Phishing Attacks

November 29, 2021 - Proofpoint is noting an alarming trend of SMS-text phishing to attack mobile users and their devices. In comparison to the first half of 2021, global reports of SMS-phishing has increased over 270%.

The use of text messages as a phishing vector is popular because it is more effective versus email-based phishing. On average, 30% of phishing emails are opened by their intended recipient, and 12% of recipients will click on a malicious link or open a malicious attachment from a phishing email. In contrast, SMS-phishing texts have a 98% opening rate, and 90% of messages are opened within the first three minutes according Proofpoint -- That is a click-through rate of eight times more on SMS-based vs. email-based phishing.


SMS-phishing can come in a variety of flavors disguising as:

  • Amazon/Fedex/UPS/USPS deliveries

  • Request for information from some authorities like the IRS, local or state government.

  • Bank and other online services notification

  • Account breach notification

  • Winning prize notification

What are the best practices to consider?

  • Look out for and delete suspicious messages that may describe packages you did not order or transactions you never conducted.

  • If you are expecting a package from a delivery service, use the official site to verify the package tracking status.

  • Avoid downloading and installing software that you did not request.

  • Never click a link to an unsolicited text.

  • Never give away personal data like PINs, card numbers and passwords.

  • Use a landline where possible.

  • If you are not certain, independently verify the legitimacy of the text by calling your bank or online services using the official contact number/email listed at the official site.