Smishing attacks use short message service or SMS, more commonly known as text messages. This form of attack has become increasingly popular due to the fact that people are more likely to trust a message that comes in through a messaging app on their phone than from a message delivered via email.
Although many victims don’t equate phishing scams with personal text messages, the truth is that it is easier for threat actors to find your phone number than your email. There is a finite number of options with phone numbers – in the U.S, a phone number is 10 digits.
Compare this to an email address, which is not limited by size, although there is a reasonable number of expected characters. Emails can include numbers, letters, and symbols – !, #, and %, for example. It is much easier to string together ten random digits to reach a victim than it is to connect to a person via an email address.
The hacker can simply send messages to any combination of digits that is the same length as a phone number. They can try any and all combinations of digits with no harm, no foul. Gartner reports that users read 98% of text messages and respond to 45%. This makes text very logical for hackers to use as an attack vector, especially when, as reported by Gartner, only 6% of emails receive responses.