Messaging fraud trends point to smarter attacks, stronger blocking

Fraudsters spent 2025 investing in scale. New routes, new tools, and higher message volumes moved through the SMS, voice, and chat channels that businesses rely on to reach customers. Money follows that activity. The Communications Fraud Control Association puts global telecom fraud losses at around 42 billion dollars for the year, several billion higher than its estimate for the prior year.

messaging fraud trends

Blocked volumes rose alongside the threat. Infobip, a communications platform that handles billions of interactions each month, reports that blocked messages grew 77% between 2024 and 2025. This means attackers pushed more traffic, and detection systems caught a wider range of it. Some markets also show better outcomes as detection infrastructure matured, a sign that defenses are catching up in places where they had lagged.

Phishing leads the blocked traffic

Phishing sits at the center of the problem. It made up close to half of everything blocked in 2025, and its share climbed from the prior year as credential-theft campaigns turned more industrial. Phishing volume grew 94% year over year, faster than overall spam, a sign that attackers are concentrating effort where the payoff is account access and payment data. One corner of phishing eased: delivery scams that impersonate couriers and postal services declined over the year, which suggests consumer awareness of that specific trick is building.

The tactics keep changing

Pattern-based filters that match known signatures still do most of the heavy lifting, and they caught more in 2025 as their rules widened. A newer method scaled fast: detection of harmful content hidden inside images grew more than sixfold in a single year, a response to fraudsters embedding scam text in pictures to slip past scanners that read only words.

Fraud pressure tracks the shopping calendar

Fraud pressure follows commerce. The busiest shopping weeks draw the most harmful traffic, because authentication messages, order alerts, and promotions all surge together. December 2025 was the heaviest month for blocked harmful content, running more than twice the level seen early in the year. November built toward it, lining up with Singles Day, Black Friday, and Cyber Monday. Peaks like these make static rules harder to trust, since real-time classification is the defense that keeps up with the volume.

Regional patterns vary

The map looks different depending on where you stand. North America saw the sharpest escalation, with blocked messages more than tripling over the year as smishing and inflated authentication traffic climbed. Latin America posted steady growth and leans heavily on phishing, which drives half of its blocked traffic. Europe grew broadly with a gambling angle, and blocked gambling messages there rose sharply as betting operations expanded across the continent. In Africa, the mix moved away from a single dominant category, with phishing shrinking as a share of blocked traffic and gambling taking up more room.

Operators blocked more at the network level

Mobile operators pushed more filtering into their own infrastructure. Grey routes that dodge official billing stayed a core target, and the volume of unauthorized traffic slipping past the firewall fell across the year. SIM box schemes, which push messages through pools of local SIM cards, remained the most seasonal grey-route threat and still accounted for a large share of what leaked through. Automation did much of the work, with most SIM box blocking decisions handled by machine-learning models by year end.

Costly fake OTP traffic eased

Artificially inflated traffic drains money quietly. Also called SMS pumping, it bills companies for floods of authentication messages sent to bot-controlled numbers, and industry estimates put the annual cost near 8.5 billion dollars. Enterprises running an SMS one-time password can wind up billed for millions of messages sent to numbers that never convert, with nothing to show for the spend. Infobip recorded a drop in suspicious volume across 2025. Flagged activity still climbed steeply in Europe and Latin America, two markets where authentication fraud grew through the year.

Businesses reach past SMS

Companies are adding checks that live in the mobile network. These network APIs answer questions that only the operator can settle, such as whether a SIM card was recently swapped or whether a caller holds the number they claim. Total use of these services grew 91% in 2025, led by banks, fintechs, and payment providers.

Number Verification, which confirms number ownership silently, grew several times over off a small base, and regulators are giving the category momentum. The UAE and the Philippines have moved to limit SMS one-time passwords for high-risk banking, steering enterprises toward layered authentication.

Attackers keep automating and scaling, and the businesses carrying legitimate messages keep moving detection closer to real time and spreading authentication across more channels. Matija Ražem, Infobip’s chief commercial telecom officer, said organizations are building security into their communication infrastructure and meeting AI-driven attacks with detection that adapts at the same speed. Trust is turning into a commercial asset for the companies that get there first.

Don't miss