Skip to content

What is Smishing in Cyber Security?

There is a type of phishing that you might not have heard of, but it has become a popular way scammers steal your financial data and other private information. As of 2021, there were up to 58% more smishing incidents than the previous year, costing $10.1 billion, according to a RoboKiller report.

Smishing is one of the most dangerous and effective types of phishing being used by cybercriminals today. But, what is it exactly and how can you defend yourself against it?

There are specific colleges that specialize in cyber security if that is a field of interest.  A career in computer systems support, networking, cybersecurity or programming is a sought-after growing field. Or if you just want to take some classes to stay ahead of the scammers, there’s that too!

What is Smishing?

Smishing, or SMS phishing, is a type of phishing technique being carried out through text messages instead of the typical phishing messages that are sent through emails. It’s basically the SMS version of a phishing scam.

Smishers use text messages to scam people for their private data. These scammers pose as a familiar or trusted sender and persuade people to do an urgent action to solve a problem, prevent a threat or obtain a benefit such as a free gift.

Usually, these scammers pose as your bank or someone you trust and send malicious text messages asking for your personal or financial information. Sometimes, scammers can also create other pretend scenarios in their texts, such as a family member needing help, winning money, and an incoming refund.

The scammer’s message always has a link attached to it, and the message is designed to manipulate the victim to click the attached link. Once the link is opened, one of two things will happen. It’s either the victim’s private information will be sent to the scammer directly by means of a fraudulent website, or a malicious app or program will be downloaded to the victim’s smartphone.

Scammers will use these text messages to get a hold of the victim’s usernames, passwords, credit card numbers, PINs, etc. Of course, this makes stealing the victim’s money, and occasionally even their company’s money, possible. So essentially, these criminals want to snitch your private data in order to use them to commit fraud, identity theft and/or other cybercrimes.

How to Spot a Text Message Scam (or Smishing)

There are many telltale signs that warn you about a potential smishing attack. These warning signs include:

  • Missing phone digits. Most text messages come from a 10-digit number, not one with 11 digits.
  • Suspicious links. If it tells you to click a link and that link features a strange combination of letters, then be wary. Trustworthy URLs typically include HTTPS:// or .com/.org/.gov.
  • Poor spelling and grammar. A quick and easy way to spot a text scam is to check for proper spelling and grammar. Misspellings, missing words, poor grammar, weird spacing or odd sentences in general are red flags.
  • Request for personal information. If a text message asks for your Social Security number, password or other personal information, then it’s a potential smishing attack.
  • Urgent action required. If the text message calls for your immediate action on something, then it’s a major warning sign that it could be a scam. Legitimate institutions don’t communicate this way.
  • Not applicable to you. If you don’t remember entering a contest or ordering a package, chances are you’re looking at a text scam.

How to Defend Against Smishing

Don’t fall victim to smishing. Follow these tips to stay safe and keep your private information secure.

  • If unsure, presume it’s smishing. If you have any doubts at all about the legitimacy of a message or its sender, it’s always safer to presume that it’s a scam than assuming it’s real without verification.
  • Evaluate. If you suspect a text message to be a scam, such as if it asks you to do an urgent action, slow down and give yourself enough time to evaluate it for signs of smishing.
  • Filter. To avoid receiving unwanted messages, including spams and scams, turn on your phone’s “filter text messages” feature.
  • Ignore. A simple, easy and no-effort way of defending against smishing is to simply ignore possible scam messages. Don’t reply or click on any links.
  • Block. If you receive numerous messages from the same number and you’re afraid it might be a scam, you can block that number so you don’t receive their messages anymore.
  • Report. Ask your phone carrier to investigate a potential text scam by reporting it to them, and report such smishing attempts to the authorities.
  • Contact the organization. If a text message says it came from this or that company, give them a call to make sure it really came from them. Remember to contact them only through a phone number or website that you know or you’ve verified to be legitimate.

Why is Smishing More Dangerous Than Normal Phishing?

Most people these days know about phishing and its dangers, how to recognize it, and how to avoid it or defend against it. But, with the rise of more cyber criminals using smishing (a not-so-common type of phishing), more people are prone to believing its lies and getting scammed. Usually, these scam text messages are unanticipated, and because people trust text messages more, the possibility of somebody getting scammed by smishing is now very likely.

Even though people are more doubtful of emails than text messages, emails display more signs that would help you recognize a scam than SMS messages do. When you receive an email, you’re able to view the sender’s address, you can evaluate the design and layout, and judge how generally believable the message is. But with texts, clues to evaluate the realness of the message are limited, and scammers with technical skills can deceive the victim (receiver of the text) by replacing the scammer’s actual number with a fake one.

What to Do If You Become a Victim of Smishing

When it comes to smishing, it’s better safe than sorry. But, if you think you’ve become a victim of a text scam, here’s what you can do:

  • Report. Inform your phone carrier (text S-P-A-M to 7726) and the authorities about the smishing attempt so that they can investigate. You can fill out a simple form to report smishing to the FTC here: For package delivery-related smishing attacks, check this article from the USPS.
  • Change. If you think any of your account PINs or passwords have been compromised, it’s best to change them right away.
  • Monitor. Check your account for any unfamiliar login locations and other strange activities.

Leave a Reply

Your email address will not be published. Required fields are marked *