GITNUXREPORT 2025

Smishing Statistics

Smishing attacks surged 400%, victimizing millions and costing billions annually.

Jannik Lindner

Jannik Linder

Co-Founder of Gitnux, specialized in content and tech since 2016.

First published: April 29, 2025

Our Commitment to Accuracy

Rigorous fact-checking • Reputable sources • Regular updatesLearn more

Key Statistics

Statistic 1

The average time to detect a smishing-related breach is 72 hours

Statistic 2

68% of consumers stated they would report a suspicious text message if they knew how

Statistic 3

The average financial loss from a smishing scam is around $600 per victim

Statistic 4

The cost of smishing attacks to businesses globally is estimated at over $2 billion annually

Statistic 5

The average monetary loss per smishing incident is around $1,200

Statistic 6

70% of mobile phishing attacks are conducted via smishing

Statistic 7

The number of reported smishing attacks increased by over 400% between 2020 and 2023

Statistic 8

55% of consumers can't distinguish between legitimate and fraudulent text messages

Statistic 9

45% of organizations experienced a decrease in productivity due to smishing-related breaches

Statistic 10

60% of smishing attempts use urgent language to prompt immediate action

Statistic 11

80% of all phishing attacks incorporate some form of social engineering, often via smishing

Statistic 12

65% of smishing campaigns include links to fake websites designed to steal credentials

Statistic 13

Approximately 83% of cyberattacks start with a phishing email or message, often via smishing

Statistic 14

In 2022, over 57% of smishing messages contained malicious links

Statistic 15

Mobile malware associated with smishing increased by 220% in the last year

Statistic 16

40% of smishing victims report that they clicked on a malicious link, leading to data compromise

Statistic 17

28% of respondents in a survey could not recognize a smishing attack

Statistic 18

Globally, nearly 1.5 million reports of smishing have been filed in 2023 alone

Statistic 19

50% of smishing messages are related to fake prize winnings

Statistic 20

25% of organizations experienced an increase in customer complaints related to smishing

Statistic 21

52% of smishing links lead to fake banking or financial websites

Statistic 22

19% of smishing scams include impersonation of a well-known brand or government agency

Statistic 23

21% of victims lose access to their online accounts after clicking malicious links

Statistic 24

54% of small businesses experienced a smishing attack in 2023, up from 30% in 2020

Statistic 25

55% of smishing messages contain fake alerts about account breaches

Statistic 26

30% of smishing messages attempt to acquire personal health information

Statistic 27

Over 60% of smishing attacks use a sense of urgency to prompt action

Statistic 28

The phishing click-through rate via SMS is 5 times higher than email

Statistic 29

77% of smishing schemes include links to fake login pages to harvest credentials

Statistic 30

88% of organizations have experienced at least one smishing incident in the past year

Statistic 31

81% of smishing attacks target users of mobile banking apps

Statistic 32

33% of smishing texts mimic official messages from government agencies

Statistic 33

52% of fraudulent SMS messages contain a sense of urgency to bypass skepticism

Statistic 34

2.3 million Americans fell victim to smishing scams in 2022

Statistic 35

34% of smartphone users have received a smishing message

Statistic 36

The highest percentage of smishing attacks target individuals aged 25-34

Statistic 37

The average age of a smishing victim is 39 years old

Statistic 38

73% of reported smishing scams target banking customers

Statistic 39

32% of targeted individuals reported their bank account being compromised after a smishing scam

Statistic 40

46% of users who receive smishing messages do not report them to authorities

Statistic 41

47% of people have received a smishing message in the last 6 months

Statistic 42

42% of victims report having forwarded smishing messages to friends or family, sometimes enabling further scams

Statistic 43

The median age of victims who fall for smishing schemes is 36 years

Statistic 44

69% of victims do not report smishing incidents, citing ignorance or fear

Slide 1 of 44
Share:FacebookLinkedIn
Sources

Our Reports have been cited by:

Trust Badges - Publications that have cited our reports

Key Highlights

  • 70% of mobile phishing attacks are conducted via smishing
  • The number of reported smishing attacks increased by over 400% between 2020 and 2023
  • 2.3 million Americans fell victim to smishing scams in 2022
  • 55% of consumers can't distinguish between legitimate and fraudulent text messages
  • 45% of organizations experienced a decrease in productivity due to smishing-related breaches
  • 60% of smishing attempts use urgent language to prompt immediate action
  • The average financial loss from a smishing scam is around $600 per victim
  • 34% of smartphone users have received a smishing message
  • The highest percentage of smishing attacks target individuals aged 25-34
  • 80% of all phishing attacks incorporate some form of social engineering, often via smishing
  • 65% of smishing campaigns include links to fake websites designed to steal credentials
  • The average age of a smishing victim is 39 years old
  • Approximately 83% of cyberattacks start with a phishing email or message, often via smishing

With smishing scams surging by over 400% in just three years and 70% of mobile phishing attacks now conducted via SMS, it’s clear that hackers are increasingly targeting your phone—and most of us can’t even tell the difference between legit messages and dangerous scams.

Detection, Reporting, and Prevention

  • The average time to detect a smishing-related breach is 72 hours
  • 68% of consumers stated they would report a suspicious text message if they knew how

Detection, Reporting, and Prevention Interpretation

While it takes organizations an agonizing 72 hours to detect smishing breaches, empowering consumers with knowledge could turn them into frontline defenders rather than unwitting victims.

Financial Impact and Losses

  • The average financial loss from a smishing scam is around $600 per victim
  • The cost of smishing attacks to businesses globally is estimated at over $2 billion annually
  • The average monetary loss per smishing incident is around $1,200

Financial Impact and Losses Interpretation

While a single victim may lose around $600, the staggering global cost of smishing—over $2 billion a year—reminds us that cybercriminals' pocket change can amount to an epidemic of financial peril for both individuals and enterprises.

Phishing and Smishing Attack Trends

  • 70% of mobile phishing attacks are conducted via smishing
  • The number of reported smishing attacks increased by over 400% between 2020 and 2023
  • 55% of consumers can't distinguish between legitimate and fraudulent text messages
  • 45% of organizations experienced a decrease in productivity due to smishing-related breaches
  • 60% of smishing attempts use urgent language to prompt immediate action
  • 80% of all phishing attacks incorporate some form of social engineering, often via smishing
  • 65% of smishing campaigns include links to fake websites designed to steal credentials
  • Approximately 83% of cyberattacks start with a phishing email or message, often via smishing
  • In 2022, over 57% of smishing messages contained malicious links
  • Mobile malware associated with smishing increased by 220% in the last year
  • 40% of smishing victims report that they clicked on a malicious link, leading to data compromise
  • 28% of respondents in a survey could not recognize a smishing attack
  • Globally, nearly 1.5 million reports of smishing have been filed in 2023 alone
  • 50% of smishing messages are related to fake prize winnings
  • 25% of organizations experienced an increase in customer complaints related to smishing
  • 52% of smishing links lead to fake banking or financial websites
  • 19% of smishing scams include impersonation of a well-known brand or government agency
  • 21% of victims lose access to their online accounts after clicking malicious links
  • 54% of small businesses experienced a smishing attack in 2023, up from 30% in 2020
  • 55% of smishing messages contain fake alerts about account breaches
  • 30% of smishing messages attempt to acquire personal health information
  • Over 60% of smishing attacks use a sense of urgency to prompt action
  • The phishing click-through rate via SMS is 5 times higher than email
  • 77% of smishing schemes include links to fake login pages to harvest credentials
  • 88% of organizations have experienced at least one smishing incident in the past year
  • 81% of smishing attacks target users of mobile banking apps
  • 33% of smishing texts mimic official messages from government agencies
  • 52% of fraudulent SMS messages contain a sense of urgency to bypass skepticism

Phishing and Smishing Attack Trends Interpretation

With over 70% of mobile phishing now delivered via smishing—whose 400% surge and 88% organizational hit rate reveal a social engineering trend leveraging urgency and fake links—it's clear that recognizing malicious texts is a critical skill in safeguarding both personal and organizational data amidst an increasingly targeted mobile threat landscape.

Victim Demographics and Behavior

  • 2.3 million Americans fell victim to smishing scams in 2022
  • 34% of smartphone users have received a smishing message
  • The highest percentage of smishing attacks target individuals aged 25-34
  • The average age of a smishing victim is 39 years old
  • 73% of reported smishing scams target banking customers
  • 32% of targeted individuals reported their bank account being compromised after a smishing scam
  • 46% of users who receive smishing messages do not report them to authorities
  • 47% of people have received a smishing message in the last 6 months
  • 42% of victims report having forwarded smishing messages to friends or family, sometimes enabling further scams
  • The median age of victims who fall for smishing schemes is 36 years
  • 69% of victims do not report smishing incidents, citing ignorance or fear

Victim Demographics and Behavior Interpretation

With nearly a quarter of Americans falling prey to smishing scams in 2022—predominantly targeting savvy yet vulnerable 25-34-year-olds—it's clear that while nearly half of us receive these digital deceptions, most choose silence over reporting, leaving many unknowingly complicit in the scammer’s silent success.

Sources & References