Messaging scams now target nearly half of all Americans. A new report reveals who’s most at risk, how the attacks work – and how to stop them before anyone clicks.
This article contains:
- New study shows sharp rise in smishing and who’s most at risk
- Practical tips to strengthen everyday security awareness
- Proven methods like microtraining and simulations to protect your organization
New report reveals sharp rise in messaging scams
According to a recent Consumer Reports study (https://www.consumerreports.org/media-room/press-releases/2025/10/consumer-reports-study-finds-surge-in-texting-and-messaging-scams) texting and messaging scams have surged dramatically in 2025.
The report shows that text-based scams are among the fastest-growing forms of fraud, affecting nearly half of American consumers. It also states that three out of four scam attempts began through text messages, messaging apps, or email.
Younger people, especially those aged 18 to 29, are becoming prime targets due to their high engagement on messaging platforms.
Scammers often mimic legitimate messages from:
- Delivery services
- Banks
- Friends and relatives
These messages often contain links to fake websites that steal passwords, credit card details, or personal data.
The rise in smishing shows that no one is entirely immune to cyberthreats. Scammers are improving their techniques by using company logos to make messages appear legitimate. They also apply urgent language and personal details to sound more convincing.
What is smishing?
Smishing is a form of phishing that occurs over SMS or messaging apps. Instead of using email, criminals send text messages to trick you into sharing personal information or clicking malicious links. These texts might say things like:
- Your package is delayed
- We’ve noticed unusual activity on your account
- You’ve won a gift card
It’s easy to assume only older people fall for smishing scams or other cyberthreats (https://www.consilium.europa.eu/en/policies/top-cyber-threats/).
However, younger users are equally, and increasingly, vulnerable. They frequently use online communication, mobile banking, and online shopping, which scammers exploit.
How to strengthen behavior and security awareness
Protecting yourself and your organization from smishing takes more than simply blocking messages. You need to promote strong habits and foster a culture of security. Here are practical ways to do that.
Explore microtraining
Traditional training can feel long and boring. Microtraining offers short, focused lessons that employees can complete without disrupting their workday.
Nimblr’s microtraining solution teaches users how to recognize scams. It helps them handle suspicious links and build safer online habits. Each session lasts just a few minutes, making learning easy and consistent. Learn more
Test awareness
Simulated smishing attacks are an effective way to train users.
Nimblr’s simulations allow you to safely recreate real-world phishing and smishing attempts.
These tests help identify which employees may click on dangerous links or share sensitive information. They also show how employees respond under pressure. This kind of realistic practice builds confidence and prevents future mistakes.
Embrace everyday security
Cybersecurity awareness shouldn’t be a once-a-year topic.
Make it part of your daily routine. Start with small habits:
- Pause before clicking: Does the message make sense?
- Avoid clicking links in texts: Visit the official website instead.
- Verify with another source: Contact the sender through a different channel before responding.
Read how to build everyday awareness
Reinforce learning
People learn best when they feel supported, not blamed. Encourage employees to report suspicious texts and celebrate smart security behavior.
When someone spots a fake message, recognize their effort in team meetings or chat channels. You can even reward alert employees with shout-outs or small incentives.
If someone does fall for a scam, use it as a learning opportunity. Talk about how the scam worked and how to avoid it next time. This approach helps the entire team become more aware.
Keep learning
Cybercriminals constantly update their tactics. What worked last year might not be enough today. Scammers change how they craft fake messages, which words they use, and how links appear.
Stay informed with the latest scam alerts. Set reminders to refresh your online safety knowledge regularly.
Smishing scam defense with Nimblr
Text and messaging scams are on the rise as scammers become more sophisticated. Data from Consumer Reports shows just how serious the problem has become.
Invest in microlearning to stay current with best security practices. If you run a company, use simulations and promote daily awareness.
Nimblr is a trusted security awareness trainer for more than 4,000 security experts. Book a demo to discover how our holistic learning model can help you turn employees into cybersecurity pros, without overwhelming them.
