As text-based fraud surges worldwide, Google’s latest analysis exposes a shifting, industrial-scale ecosystem of “Spray and Pray” messages, patient romance baiting, and group-chat deception. Its Android defenses now block more than 10 billion malicious calls and texts each month — but the scammers, experts say, are learning faster than ever.
An Endless Tide of Digital Deception
The smishing epidemic no longer obeys borders. According to Google’s new report, waves of fraudulent messages appear to migrate between countries, creating the illusion of a global relay race in deceit. Yet the perpetrators, analysts note, rarely move at all.
“Once enforcement tightens in one area,” the company observed, “they simply pivot to another, creating a perpetual cycle of shifting hotspots.”
This churn, fueled by cheap automation tools and outsourced infrastructure, has made the scam economy both elastic and elusive. From employment hoaxes to fake delivery notices, each campaign mutates with minimal effort — an algorithmic hustle that never sleeps.
Spray, Pray, and Pivot: The Mechanics of Mass Fraud
Behind most schemes lies the same opening gambit: a “Spray and Pray” broadcast designed to catch even a fraction of inattentive recipients. Lures tied to current events — toll-charge warnings, bank verifications, shipping updates — generate just enough urgency to draw a click.
The links, often hidden behind URL shorteners, redirect to phishing sites that harvest credentials or financial data.
Others take a slower approach. In “Bait and Wait” campaigns, scammers pose as recruiters or acquaintances, cultivating trust over days or weeks. So-called “romance baiting,” a rebranded variant of the “pig-butchering” scam, exploits emotional vulnerability before striking.
“The tactics are more patient,” Google noted, “aiming to maximize financial loss over time.
The Hidden Supply Chain: SIM Farms and Phishing-as-a-Service
The modern scam economy thrives on industrial hardware and subscription software. Suppliers operate vast SIM farms — racks of phones that blast out thousands of texts every hour — while Phishing-as-a-Service (PhaaS) vendors sell turnkey kits that manage entire campaigns.
“[These messaging services] are the distribution engine,” Google said, linking scammers’ target lists to bulk-messaging platforms and PhaaS-hosted websites.
The ecosystem mirrors legitimate tech outsourcing: specialists handle infrastructure, content, and analytics, all purchasable on the dark web. The result is a global fraud industry that scales like software.
Google’s Counter-Offensive
To stem the tide, Google has fortified Android’s defenses. The company says it blocks more than 100 million suspicious numbers from using Rich Communication Services (RCS) — the next-generation messaging standard — before a single message is sent. Its on-device AI filters known spam into a “spam & blocked” folder, while new safeguards warn users when clicking on flagged links.
The analysis, based on user reports in August 2025, found employment fraud to be the most prevalent category, followed by fake billing notices, investment scams, and government-agency impersonations. Fraudulent message traffic, Google added, peaks on Monday mornings around the start of the workday — precisely when people are most distracted.
