Phishing continues to grow as one of the main threats in today’s digital landscape, particularly through messages containing malicious links, according to OpenSecurity. The cybersecurity firm Proofpoint reports a 119% increase in this type of attack over the past three years. However, the phenomenon has evolved beyond email, incorporating channels such as text messages and other digital platforms, significantly increasing their success rate.
Proofpoint’s investigations reveal that cybercriminals have adopted new strategies, initiating contact with victims via email and then attempting to continue the conversation through SMS. This channel shift helps evade security systems primarily focused on email protection. In one case studied by the company, an attacker posed as an external provider and asked the victim to switch communication channels. Although the message did not contain links or attachments, it requested personal information, making it difficult to detect as a threat and allowing it to land directly in the inbox without being filtered.
Proofpoint warns that this tactic, known as “smishing” (SMS phishing), has increased by 2,524% over three years. Additionally, data shows that text messages generate higher engagement rates, with between 8.9% and 14.5% of recipients clicking on SMS links, compared to only 2% for email.
Company experts note that “cybercriminals know that the multiple channels users rely on for communication and collaboration—such as messaging platforms, collaboration tools, cloud applications, and file-sharing services—are less secure and not always monitored by security operations centers. This makes these types of attacks a serious threat to organizations.”
In response, Proofpoint recommends proactive measures such as using AI-powered threat detection tools capable of analyzing both links and message content to understand the sender’s intent. They also emphasize the importance of extending protection beyond email, including messaging and collaboration apps, and strengthening cybersecurity training for users to promote more vigilant behaviors and reduce human risk.