Skip to main content
TopAIThreats home TOP AI THREATS
Technical Attack

Smishing

A phishing attack conducted via SMS text messages, often using AI to generate convincing, contextually relevant lures.

Security & Cyber Information Integrity

Definition

Smishing (SMS phishing) is a social engineering attack conducted via text messages, in which attackers send fraudulent SMS communications designed to trick recipients into clicking malicious links, revealing credentials, or downloading malware. Smishing exploits the trust and immediacy associated with text messaging, often impersonating banks, delivery services, government agencies, or known contacts. AI enhances smishing by enabling the generation of contextually appropriate, grammatically correct messages at scale, and by facilitating real-time personalisation based on harvested data about targets.

How It Relates to AI Threats

Smishing operates within Security & Cyber as a social engineering vector that has been amplified by AI capabilities. It intersects with Information Integrity when used in identity hijacking campaigns where attackers impersonate trusted entities via text to extract sensitive information or establish initial contact for further exploitation. AI enables smishing at scale by automating message generation, personalisation, and response handling, reducing the per-target cost of attacks while increasing their effectiveness.

Why It Occurs

  • SMS messages have higher open rates than email, making them an attractive attack vector
  • Text messages carry an implicit urgency that prompts rapid, less-considered responses from recipients
  • AI-generated messages can be tailored to individual targets using scraped personal data
  • Mobile devices often display limited sender verification information
  • Many users are less aware of SMS-based threats compared to email phishing

Real-World Context

Smishing is frequently used as an initial contact vector in multi-stage attack chains, including those documented in FBI deepfake impersonation warnings (INC-23-0001). The FBI has noted that attackers increasingly combine smishing with other AI-enhanced techniques — such as voice cloning follow-up calls — to build credibility across multiple communication channels. The Federal Trade Commission has reported consistent year-over-year increases in text-message-based fraud reports. In the UK, HMRC impersonation smishing campaigns have become widespread enough to warrant dedicated public awareness programmes.

Related Incidents

INC-23-0001 high 2023-01

AI Deepfake Impersonation Campaign Targeting Senior U.S. Government Officials

Related Threat Patterns

Deepfake Identity Hijacking Information Integrity

Related Terms

Phishing Vishing
← Back to Glossary → Taxonomy → All Domains

Last updated: 2026-02-14