As SMS phishing (smishing) evolves into a worldwide cybersecurity disaster, telecom infrastructure itself is coming beneath scrutiny. Can AI led instruments and network-level reforms actually hold tempo with threats that exploit the very design of cellular communication? Specialists throughout the cybersecurity and telecom spectrum weigh in.
The Rising Tide of Smishing Assaults
In a world more and more depending on cellular units, SMS phishing or smishing has emerged as some of the efficient and scalable cyberattack vectors. A latest report suggests as much as 3.3 billion Android units globally are in danger. Not like e-mail phishing, which is best policed by mature spam filters and sender authentication protocols, SMS stays a loosely protected frontier an open door for cybercriminals.
India, one of many world’s largest telecom markets, is going through a pointy rise in hyperlink primarily based cyber frauds. Whereas most operators are nonetheless catching up, Bharti Airtel has taken the lead by turning into the primary on the planet to roll out an AI powered fraud detection system designed to proactively shield its customers a stage of safety presently unmatched by Jio or Vi.
Additionally Learn: Why Airtel’s Spam-Blocking Proposal Might Do for Indian Telecom What UPI Did for Funds
RCS, SIMs, and the Structure Downside
“The telecom ecosystem is decentralised, world, and loosely regulated,” says Joshua McKenty, CEO of cybersecurity agency Polyguard. “Telephones and cellphone numbers don’t work the way in which customers suppose they do. Every part from SIMs, numbers, CNAM, to RCS Verified Senders is exploitable. That’s the true loophole.”
The shift from SMS to RCS (Wealthy Communication Providers) was meant to modernise messaging with encryption and multimedia capabilities. But it surely’s created unintended penalties. In response to Danny Rogers, CEO of cellular safety agency iVerify, “RCS is a present to the privacy-conscious, but in addition to scammers. Carriers can’t examine encrypted messages and in locations just like the EU, even unencrypted message scanning is commonly legally restricted.”
In different phrases, the identical encryption meant to guard customers can also be shielding attackers.
The Fantasy of AI as a Treatment-All
In Might 2025, Airtel launched a “world-first” AI-powered fraud detection system that works throughout SMS, OTT apps (like WhatsApp, Telegram), browsers, and e-mail. The system claims to dam malicious domains in actual time and alert customers with contextual warnings. It’s free for all cellular and broadband customers and is enabled by default. Whereas the transfer is extensively welcomed,
“Spam filters have been round for over a decade. AI helps refine them, certain, however scammers evolve too,” says Aimee Simpson, Director of Product Advertising at Huntress, a cybersecurity agency based by ex-NSA operatives. “Risk actors check variations till they slip previous filters. With out structural fixes and person training, the arms race will proceed.”
Simpson additionally highlights a key distinction: “Not like e-mail, the place senders may be verified simply, SMS messages come from nameless numbers. That’s a design flaw not only a safety failure.”
Extra Than Simply Filters: The Want for Coverage, Identification, and Infrastructure Reform
The problem is not simply technical. It is strategic. “People can’t detect deepfakes. And neither can AI constantly,” says McKenty. “What we’d like is identity-based provenance verifiable origins of messages. STIR/SHAKEN is a begin, nevertheless it’s caught in slow-moving telecom requirements.”
Amit Modi, CTO of Movius, emphasises a multi pronged technique: “Telcos should use machine studying for fraud detection, sure, but in addition implement behavioural evaluation, identification verification programs, and stricter coverage enforcement. And person training should be ongoing not one time.”
McKenty agrees, including that telcos can now not play each side. “You may’t defend each person anonymity and hacker management. Telcos want to choose a aspect combat for the person or threat irrelevance.”
The Last Frontier: Endpoints and Customers
As encryption limits provider stage visibility, specialists argue the combat should more and more shift to the person’s machine. “Most future detections should occur on machine, since telcos can’t see encrypted content material,” says Rogers. “That’s why endpoint safety options like iVerify are vital. Telcos merely don’t have the entry or authorized mandate anymore.”
However even endpoint instruments have limits. Probably the most scalable protection? Consumer consciousness. “By no means click on hyperlinks from numbers you don’t know,” says Simpson. “That recommendation is straightforward, nevertheless it’s highly effective. And it buys time for telcos to evolve their tech.”
Combating Smishing Requires Extra Than Tech
Smishing represents a convergence of weak infrastructure, authorized blind spots, and evolving cyber techniques. Airtel’s AI firewall is a daring step however one operator, or one AI, gained’t be sufficient. Actual progress calls for industry-wide cooperation, person centered design, and coverage frameworks that hold tempo with digital threats.
The structure of world cellular communication should evolve from reactive spam filtering to proactive, identity-led, privacy-balanced programs. Till then, smishing will stay not only a menace, however a symptom of deeper systemic vulnerability.
