Telecommunications operators’ firewalls struggle to detect evasive fraudulent SMS messages. Method: This study constructs the first systematic framework distinguishing spam from fraudulent SMS, based on 1.35 million user-reported messages. It proposes the inaugural fine-grained 12-category taxonomy for SMS fraud—identifying “wrong-number” fraud as the most prevalent—and integrates text clustering, semantic analysis, and infrastructure-level attribution to uncover attackers’ exploitation of telecom networks and third-party hosting services. Results: Among reported samples, 35.12% are spam SMS and 40.27% are confirmed fraudulent SMS, empirically validating the efficacy of user reports in identifying stealthy fraud. This work establishes a novel analytical perspective, methodological foundation, and actionable classification benchmark for telecom anti-fraud systems.

Mobile network operators implement firewalls to stop illicit messages, but scammers find ways to evade detection. Previous work has looked into SMS texts that are blocked by these firewalls. However, there is little insight into SMS texts that bypass them and reach users. To this end, we collaborate with a major mobile network operator to receive 1.35m user reports submitted over four months. We find 89.16% of user reports comprise text messages, followed by reports of suspicious calls and URLs. Using our methodological framework, we identify 35.12% of the unique text messages reported by users as spam, while 40.27% are scam text messages. This is the first paper that investigates SMS reports submitted by users and differentiates between spam and scams. Our paper classifies the identified scam text messages into 12 scam types, of which the most popular is 'wrong number' scams. We explore the various infrastructure services that scammers abuse to conduct SMS scams, including mobile network operators and hosting infrastructure, and analyze the text of the scam messages to understand how scammers lure victims into providing them with their personal or financial details.