According to Infosecurity Magazine, SMS fraud losses are set to decline 11% next year, dropping from $80 billion in 2025 to $71 billion in 2026. Juniper Research analyst Ardit Ballhysa explained that diminishing message volumes make it harder for fraudsters to hide their traffic among legitimate messages. Operator security improvements, particularly enhanced firewall capabilities, are also making it more difficult for scam messages to reach users. However, sophisticated threats persist – including the China-based “Smishing Triad” group that registered 60,000 domains to impersonate US toll agencies. Security firm SecAlliance also reported that Chinese smishing syndicates may have compromised 115 million US payment cards over 16 months. Meanwhile, phishing-as-a-service platforms are making it easier for tech novices to launch sophisticated SMS scams.
Sponsored content — provided for informational and promotional purposes.
<h2 id="why-fraud-is-finally-declining”>Why fraud is finally declining
Here’s the thing – when SMS volumes drop, fraudsters can’t blend in as easily. Think of it like trying to hide a needle in a shrinking haystack. Ballhysa nailed it when he said this drives up costs and erodes profits for bad actors. Basically, SMS is becoming less valuable for them because the economics don’t work as well anymore.
And the operator security improvements are actually making a difference for once. Enhanced firewalls that do more than just screen sender IDs are finally starting to work. But let’s be real – it’s taken way too long for carriers to get serious about this. We’re talking about a problem that’s been bleeding consumers dry for years.
The threats aren’t going away
Now, don’t get too comfortable thinking SMS fraud is solved. The Smishing Triad campaign shows how sophisticated these operations have become. 60,000 domain names? That’s industrial-scale fraud. And when you’ve got phishing-as-a-service platforms doing all the heavy lifting, even amateurs can launch convincing campaigns across SMS, iMessage, and RCS.
These platforms are scary good – they harvest OTP codes when criminals try to use stolen cards in digital wallets. Basically, they’ve automated the entire fraud chain. So while overall losses might be declining, the individual attacks that do get through are more sophisticated than ever.
The RCS problem coming
Here’s where it gets really concerning. RCS messaging opens up a whole new attack surface with rich media, clickable buttons, and high-resolution photos. Fraudsters love this stuff because it makes social engineering so much easier. A fake button that says “Claim Your Prize” is way more convincing than plain text.
Juniper’s warning about deep content inspection is crucial. Carriers can’t just keep screening sender IDs – they need to actually analyze what’s inside those messages. The shift to RCS means the old security approaches won’t cut it anymore. Ballhysa is right that operators need to get ahead of this before fraudsters completely pivot to the new platform.
So while the decline in SMS fraud losses is welcome news, it feels like we’re just playing whack-a-mole. As one channel becomes less profitable, criminals will naturally migrate to wherever the easier money is. And right now, RCS looks like their next gold rush.
