What is Smishing?

November 12, 2021

Received any suspicious texts lately? Smishing is the practice of sending fraudulent text messages claiming to be someone else (usually a company). This is another type of phishing. Smishing scams tend to target mass groups rather than specific individuals like office workers or executives.

With smishing messages on the rise, it’s become increasingly important to learn more about them. Read on to learn more about smishing- what it is, how to spot a smishing message, and how to protect yourself.

Smishing definition

Smishing is like phishing but uses SMS text messages as a medium instead of e-mail. Phishing is the practice of sending fraudulent e-mails pretending to be someone else – usually a reputable company. Both smishing and phishing aim to get users to reveal sensitive information, such as passwords and credit card numbers.

Types of smishing attacks

There are three different types of phishing/smishing attacks:

  1. Basic phishing/smishing- Mass emails/texts
  2. Spear phishing/smishing- Targeted messages towards a specific user or company
  3. Whaling- Attacks targeted at an executive or someone high up in a company

How to spot a smishing message

There are a few different ways to spot a smishing message, like how one can spot a phishing message. First, ask yourself if it makes sense for the company or organization to contact you this way. Most legitimate organizations would never use texts that request personal information. Smishing scams often do the following:

  1. Create a false sense of urgency (e.g., “your account is locked”), or
  2. Offer a time-sensitive reward (such as a prize, even if you’ve never entered a contest)

If you aren’t sure whether a text is real, check with the alleged sender by contacting them through a different medium – such as a phone number on their website. Never trust the contact information in the text message.

How to protect yourself against smishing messages

There are a few ways you can protect yourself against smishing messages:

  1. As a rule, never click links in text messages or e-mails if you are unsure of their validity. This is the best thing you can do to protect yourself.
  2. Never respond to the sender until you confirm their identity (this may flag you for increased attempts)
  3. Use the tips mentioned above and tricks to identify a smishing message.
  4. Once you identify a smishing message, block the sender
  5. Always keep your phone up-to-date (advanced zero-day threats may exploit a vulnerability in your phone under the right circumstances).