Main Image

From Phishing to Smishing: The Evolution of Online Scams and the Battle to Stay Safe

3 min read

Less than 7% of all scams are reported. Less than 1% of scammers are convicted.

This is the state of today’s Internet. A place where dreams come true, and nightmares are just a click away. Just like phishing and smishing – the two horsemen of the digital apocalypse.

These scams have been around for decades, but they have evolved with the times, becoming more sophisticated and harder to detect. They prey on our trust, our fears, and our desires, using social engineering tactics that would make even the most seasoned con artist blush.

But do not despair, dear reader. We've got your back. 

Join us as we explore the ins and outs of these scams, expose their slimy tricks, and arm you with some knowledge for staying safe and secure in the Wild West online.


Phishing: The Original Email Scam

Phishing, the pioneering online scam, has been deceiving internet users since the mid-1990s. This con involves sending fraudulent emails that mimic legitimate sources, tricking recipients into divulging sensitive information such as login credentials or financial details.

The earliest known phishing attacks targeted AOL users, with scammers posing as AOL employees to steal login information. As technology evolved, so did phishing techniques, but the core concept remains unchanged.

Phishing emails employ various tactics to appear authentic, such as using official logos, spoofing email addresses, and creating a false sense of urgency. A notorious example is the 2016attack on Hillary Clinton's campaign chairman, John Podesta. Hackers sent Podesta an email purportedly from Google, urging him to change his password due to an alleged account breach. When Podesta clicked the link and entered his credentials, the hackers gained access to his email account, leading to damaging leaks.

In 2022, 93% of successful data breaches involved phishing. Phishing was also found to be the second most common cause of data breaches in 2022 at 16% and the costliest, with an average breach cost of USD 4.91 million, according to IBM’s Data Breach Report.

Smishing: Phishing Goes Mobile

As smartphones became ubiquitous, scammers quickly adapted their tactics, giving rise to smishing—phishing's mobile-savvy cousin. Smishing involves sending deceptive text messages that lure victims into revealing sensitive information or installing malware on their devices. This tactic is fueled by the perception that text messages are more trust worthy than emails.

In India alone, the scale of the smishing problem is staggering. Approximately 140 million phishing messages are sent per month, with around 70 million unique citizens vulnerable to these scams. That's1 out of every 12th person in the country at risk. The scammers are relentless,sending roughly 5 million phishing messages per day.

The consequences are dire. An estimated200,000 citizens potentially fall victim to smishing every month in India. However, the true extent of the problem remains hidden, as only around 40,000people report these cases. That's just 15-20% of the total number of people who get scammed.

Here are a few important ways smishers will try to trick you.

  1. Fake Loan Offers: Picture this – you're scrolling through your phone, minding your own business, when suddenly a text message pops up offering you a low-interest loan. It seems too good to be true, and that's because it is. These scammers, posing as legitimate financial institutions, lure you in with the promise of easy money. But click on that link, and you'll find yourself on a phony website, ready to steal your personal and financial details faster than you can say "identity theft."
  2. Fake Promotions and Cashbacks/Discounts: Who doesn't love a good deal? Smishers know this, and they're not afraid to use it against you. They'll send you texts promising incredible discounts, cashback offers, or promotional codes for your favorite brands. But beware! These offers are nothing more than a wolf in sheep's clothing. Click on the link, and you'll be directed to a convincing but fake website, where you'll be asked to provide your credit card details or other sensitive information. And just like that, the scammers will be laughing all the way to the bank.
  3. Credit Card Reward Points Scam: Rewards points are like digital gold for credit card users. But smishers have found a way to turn this gold into lead. They'll send you a text claiming that you've accumulated a bunch of reward points, and all you need to do is click on a link to redeem them. But surprise, surprise! The link leads to a bogus website designed to steal your credit card information. And before you know it, your reward points will be the least of your worries.
  4. Investment Opportunity Scams: In a world of economic uncertainty, the promise of a lucrative investment opportunity can be hard to resist. Smishers know this, and they'll use it to their advantage. They'll send you texts boasting about guaranteed returns, exclusive insider tips, or once-in-a-lifetime chances to get in on the ground floor of the next big thing. But don't be fooled! These "opportunities" are nothing more than smoke and mirrors, designed to trick you into handing over your money to the scammers.
  5. Bank Account/Credit Card Blocked: Imagine the panic you'd feel if you received a text saying your bank account or credit card had been blocked due to suspicious activity. Smishers are counting on that panic to cloud your judgment. They'll urge you to click on a link to "verify" your information or "reactivate" your account. But in reality, you'll behanding over your sensitive details to the scammers on a silver platter.
  6. Bank Account Blocked/KYC Pending Fraud: Similar to the previous use case, this scam preys on your fear of losing access to your finances. The smishers will claim that your bank account has been blocked due to pending KYC (Know Your Customer) verification. They'll provide a link, asking you to update your KYC details to unblock your account. But the link will lead you to a fake website, designed to steal your personal and financial information.

In the face of these threats, solutions like Wisely ATP offer a glimmer of hope. With its real-time processing capabilities, scalability to handle over 1 trillion messages, and an impressive 99%+ efficacy rate, Wisely ATP is well-equipped to protect end-users from falling victim to these scams.

But the battle against phishing and smishing is not one that can be fought alone. It requires the collective efforts of individuals, organizations, and technology providers alike. Only by standing united, sharing information, and remaining ever-vigilant can we hope to build a safer, more secure digital world for ourselves and future generations.