Why Phone Numbers Are Becoming the Weakest Link in Scam Detection

For a long time, scam detection has been dominated by URLs. Phishing domains, malicious links, fake websites — that is where most tools focus, and for good reason. URLs are structured, measurable, and relatively easy to analyse at scale. But if you spend enough time looking at real scam cases, something starts to stand out. The weakest link is no longer the website. It is the phone number. The shift most people miss A lot of scam flows today do not actually end on a website. They start somewhere else, and then they pivot. A typical pattern looks like this: You receive a message — maybe SMS, maybe WhatsApp, maybe even a legitimate-looking email. There is often a link involved, but the link is not always the end goal. It is just a bridge. At some point, the interaction moves to a phone call. That is where the real manipulation happens. And that transition is where most detection systems quietly lose visibility. Why phone numbers are harder than URLs From a detection standpoint, URLs are