In 2023, smishing attacks surged by 318% globally, according to Proofpoint, with financial institutions and telecom customers being the top targets. These scams, which use fraudulent text messages to trick individuals into revealing personal or financial information, are no longer amateur operations—they’re orchestrated by sophisticated cybercriminal networks using automation, social engineering, and hijacked phone infrastructure.
Smishing isn’t just a consumer problem. It erodes trust in banks and telcos alike, leading to reputational damage, increased fraud losses, and regulatory scrutiny. As attacks become more advanced, fragmented efforts to combat them are proving inadequate. A coordinated strategy between banks and telecom providers is no longer optional—it’s essential.
How Smishing Attacks Work—and Why They’re Evolving Fast
Smishing (SMS phishing) is a form of social engineering where attackers send deceptive text messages that impersonate legitimate entities—often banks—urging recipients to click malicious links or call fake support numbers. The messages typically claim suspicious activity on an account, a problem with a payment, or a time-sensitive security issue.
What makes smishing particularly insidious is its appearance of legitimacy. Scammers exploit techniques like number spoofing to make the SMS appear as if it’s coming from a bank’s official short code or a trusted sender already in the user’s message thread. These attacks are growing in scale and precision thanks to:
- Phone number spoofing and SMS hijacking
- AI-generated messages tailored to specific individuals
- Smishing kits sold on the dark web, making attacks easy to deploy
As more consumers use mobile banking and rely on text-based two-factor authentication, the opportunity for exploitation increases. This makes SMS-based scams not just a nuisance, but a systemic risk to both sectors.
The Toll on Banks, Telcos, and Trust
For banks, smishing can lead to direct financial losses through fraudulent transfers, account takeovers, and chargebacks. It also triggers indirect costs: fraud team overload, compliance risks, and a growing sense of distrust among customers.
Telcos, while not the endpoint of the fraud, play an essential role in enabling message delivery. Their infrastructure is often exploited by attackers using grey routes or SIM farms to push out messages en masse. Regulatory bodies are now scrutinizing telecom providers more heavily, questioning how malicious traffic gets through in the first place.
Beyond financial and regulatory implications, the real casualty is customer trust. When consumers receive convincing fake messages claiming to be from their bank or service provider, they lose confidence in legitimate communications. This undermines the core customer relationships that both industries rely on.
Why Existing Measures Are Falling Short
Despite growing awareness, most anti-smishing efforts remain siloed. Banks often focus on customer education and post-event fraud detection, while telcos invest in spam filtering or network-level blocking. While both are necessary, these measures alone aren’t sufficient to stop attacks in real time or at scale.
Even with investments in SMS firewalls and number-blocking systems, many smishing attacks still slip through due to the rapid evolution of scam tactics. Static filters often lag behind new phishing campaigns, leaving customers vulnerable. Real-time scam detection addresses this gap by identifying malicious patterns and behavioral anomalies the moment they emerge—before fraudulent messages reach recipients.
Key limitations include:
- Reactive detection: Most banks only identify smishing after a customer reports an incident or falls victim.
- Lack of real-time intelligence sharing: Banks and telcos rarely have shared frameworks or protocols to flag threats across channels quickly.
- Inconsistent sender authentication: Without widespread adoption of verified sender frameworks (like SMS sender ID registries), it remains easy for attackers to spoof trusted numbers.
This fragmented approach leaves critical gaps that attackers are eager to exploit. It’s time for a more integrated model—one rooted in collaboration.
A Collaborative Path Forward: Joint Solutions to a Shared Threat
Banks and telcos are uniquely positioned to neutralize smishing if they break down the silos and treat fraud prevention as a joint mission. Several key strategies can make this collaboration more effective:
1. Cross-Sector Intelligence Sharing
Develop secure and structured channels to share real-time indicators of compromise (IOCs), including phishing URLs, spoofed numbers, and scam message content. A shared intelligence hub would allow telcos to block malicious senders proactively and banks to warn customers earlier in the attack cycle.
2. AI-Powered Pattern Recognition
AI and machine learning tools can analyze billions of messages across networks to detect anomalies—such as unusual volumes of messages from unregistered short codes or suspicious links being reused. When deployed across both banking and telecom networks, AI-driven analytics can flag coordinated attacks before they spread.
3. Sender Authentication and Trust Frameworks
Adopting frameworks like SMS sender ID registries and rich communication services (RCS) with verified business profiles can make it easier to distinguish real messages from fakes. Telcos and banks must align on enforcement and education to drive adoption at scale.
4. Coordinated Consumer Education
Instead of separate campaigns, banks and telcos can align on public messaging to educate consumers—creating unified guidance on how to verify messages and report suspicious activity. Consistency builds trust and reduces confusion when attacks occur.
5. Regulatory Engagement as a Coalition
Joint industry coalitions can engage with regulators to shape policies around sender identity, traffic monitoring, and cross-border enforcement. A united voice can push for more effective standards and accountability without placing the burden solely on consumers.
Working in Tandem to Rebuild Trust
Smishing thrives in the cracks between institutions. Attackers exploit disjointed systems, inconsistent policies, and gaps in visibility across communication channels. But just as the attack surface spans both telecom and financial infrastructure, so too must the defense.
The next phase of fraud prevention requires more than improved technology. It demands a new model of collaboration—one that treats the customer journey as a shared responsibility and recognizes that protecting trust is a team sport.
If banks and telcos can align on intelligence sharing, coordinated detection, and unified communication strategies, smishing doesn’t have to be the unmanageable threat it seems. The opportunity lies in turning a fragmented challenge into a collective advantage.
See how KnowScam helps detect and stop smishing threats targeting your customers.
[JB1]link to https://www.globalsecuritymag.fr/Proofpoint-revealed-the-colossal-scale-of-smishing-in-2023.html
[JB2]link to https://scamnetic.com/blog/bank-phishing-scams/
[JB3]link to https://scamnetic.com/types-of-scams/
[JB4]link to https://scamnetic.com/
