SMS - or Short Message Service, is something that today's Gen Z does not have the same emotional connection to millennials like myself. It gave rose to 'lazy' English like u instead of you or 4 instead of four, as it took so bloody long to type out text messages on the original mobile phones! It is also probably invokes nostalgia of texting your first boyfriend or girlfriend and trying to interpret if there was meaning in the number of x's at the end of the message, or was at just me?!
However, its technological evolution is a strange one. It has all the hallmarks of something that should probably be on its way out. Here are some of the reasons for that hypothesis and why I think it is wrong:
- It is probably the most expensive for of digital messaging there is in terms of cost per character. It requires a select few telecommunications companies (Telcos) in a country to actually deliver the messages, who can be rigid gatekeepers. The internet does not have these gatekeepers. Anyone can publish content online to many people. That isn't the same with SMS messages. Telcos are few, as they need to possess expensive infrastructure to actually deliver these messages over the airwaves, and they need to comply with regulators such as Ofcom (UK communications regulator). Yes, you can send an SMS to your friend or mum, but if you want to send many, it is an expensive form of messaging. However it is that very expense that means that you receive fewer messages on the platform compared to other messaging platforms, and that tends mean that the read and response rate for SMS is better than other mediums* (https://www.gartner.com/en/digital-markets/insights/the-future-of-sales-follow-ups-text-messages).
- It is unencrypted in transit. Anyone that knows a few things about cyber security will know that sensitive data being transmitted by SMS and often Email is not good practice, as it is relatively easy for someone to read the content of those messages if they know what they are doing. We always recommend that clients do not send sensitive information using these forms of communication. So why is encryption not important for SMS users? The answer to that question is generally because the nature of the content in the messages doesn't contain confidential information. There are two common use cases for SMS messages, which tend to get grouped together as 'marketing' or 'transactional'. Marketing by its very nature tends to be public information, that someone is keen to promote. Transactional messages tend to be targeted alerts based on user situation and feedback such as OTP (one time passwords), critical alerts from software systems, medical notifications and travel notifications. Generally speaking, transactional messages do not contain sensitive data apart from OTP tokens, which is also why we don't recommend or endorse SMS based OTP as a suitable 2 factor authentication method for the cyber conscious buyer/organisation. See how this issue by-passed MFA access in the recent Marks and Spencer cyber attacks (https://sekura.id/ms-retail-sim-swap-attack/)
- There are so many other ways of communicating with people nowadays, from social media messaging apps to in-game chats. How has SMS stood the test of time? Well firstly, all major mobile phone companies still provide an SMS application for free by default to all devices, and secondly the reasons above mean that it is more effort and costs for a scammer to try and defraud or con you on that platform compared to say WhatsApp or other social media apps. This has meant that it is also trusted form of communication above other types of short-form messaging, although that trust is eroding due to the rise of smishing (like email phishing but for SMS). In order to combat this threat the Mobile Ecosystem Forum or MEF for short (https://mobileecosystemforum.com/) has been working on an initiative to 'protect' certain pre-registered sender IDs so hackers can't pretend that they are "Amazon" or your bank. If you aren’t familiar with what a SenderID is in SMS, it is the letter and numbers that appear in your SMS messages app, that aim to provide information and trust from who is sending you a message. More details here: https://www.twilio.com/docs/glossary/what-alphanumeric-sender-id. We are recommending that our UK customers engage with this process so that there is less likely for their staff and contractors to be 'smished'. Feel free to message me for more information on this.
- The above point brings me onto the title of this article. In my experience, very few businesses and organisations that use SMS are aware of the potential for hackers to highjack their brand for their own purposes. The ability to do this varies greatly from country to country and often depends on the level of regulatory maturity in that country with regards to this technology. One could argue that is it best to do away with SMS Sender IDs and be transparent about the number that the message is coming from and putting the responsibility on the end recipient to save that number as a trusted number on their device. However, I believe it is hugely optimistic to assume most users will do this, which leaves the public and companies in no better state of trust.
- SMS does not have a reliable 'read' functionality. Users of WhatsApp will know of this useful feature which allows you to see if the recipient has read a message or not. While this is promised to be changed for RCS messaging (https://en.wikipedia.org/wiki/Rich_Communication_Services) which is the SMS upgrade, the roll out is still new, and RCS messaging is not yet wide-spread. There are also other ways to achieve this through links and replying to numbers, so it becomes a less critical feature.
In conclusion, this article is written to be a snapshot in time regarding SMS, and at YUDU Sentinel (https://www.sentinelresilience.com/) we will be encouraging all customers to register with MEF and work with us to protect their Sender IDs to better trust and brand protection. Let me know if any of the above was useful to you in the comments. Thanks for reading!
*Data says 98% read rate SMS messages have exceptionally high open and read rates compared to other communication channels:
• Open rate: Approximately 98%
• Read time: Around 90% of SMS messages are read within 3 minutes
• Response rate: Typically 45%, compared to about 6% for email
These statistics make SMS a highly effective channel for urgent communications, alerts, and time-sensitive messages—especially in crisis or incident response contexts where speed and visibility are critical.