Key Takeaways

• Smishing is phishing delivered by text—known as Short Message Service (SMS)—to mobile phones and messaging applications.
• A phish is any type of electronic communication that aims to steal personal or proprietary information for fraudulent purposes.
• Be wary of responding to text messages from unknown senders, especially if the message includes a link, requests money, or sounds urgent.

Smishing is a rapidly growing variant of one of the internet’s oldest scams. This type of phishing aims to trick you into handing over sensitive data and information, but instead of using email, cybercriminals send their messages via text or SMS. Smishing attempts are typically sent to mobile phone users as standard texts, but they can also appear on popular messaging applications.

Understanding Smishing

Smishing is a form of social engineering where scammers exploit emotions like fear, sympathy, curiosity, or greed to manipulate individuals into divulging personal or business information. These fraudulent texts often masquerade as messages from trustworthy sources, such as delivery services, utility companies, banks, or government agencies. The sensitive information they seek may include usernames, passwords, credit card numbers, bank account numbers, and other proprietary data. Once obtained, cybercriminals may sell this information on the black market or use it to commit identity theft, drain bank accounts, or redirect payments to themselves.

Common Smishing Tactics

1. Making False Promises
   Scammers use various tactics to entice individuals into parting with their personal data and money. These tactics may include:
   • Promises of gift cards, prize money, or other winnings.
   • Offers for low-interest or no-interest credit cards.
   • Promotions for coupons and discounts.
   • Claims of student loan debt forgiveness.

1. Impersonating Legitimate Companies
   Smishing messages may claim to be from legitimate companies, attempting to create a sense of urgency about your account or transactions. For example:
   • Messages from supposed customer service representatives verifying account information.
   • Notifications of suspicious charges or problems with payments.
   • Fake invoices urging you to contact them for unauthorized purchases.
   • Package delivery notifications or tracking links.

1. Exploiting Charitable Impulses
   Some scammers prey on your willingness to help others by requesting donations after disasters or posing as acquaintances soliciting contributions.

Five Ways to Protect Against Smishing:

1. Avoid Clicking Links
   Do not click on hyperlinks in texts from suspicious or unknown numbers. This is especially true for shortened URLs, which are often used by cybercriminals to mask malicious websites.
2. Verify Requests for Sensitive Information
   If you receive a text urging you to pay or provide sensitive information, pause and verify whether the source is legitimate and trustworthy.
3. Do Not Respond to Unknown Senders
   Never reply to texts from unknown or suspicious numbers, even to request that they stop messaging you. Doing so could confirm to scammers that your number is active, leading to more harassment.
4. Keep Your Phone Updated
   Regularly update your phone’s operating system to protect against malware that could be hidden in smishing links.
5. Watch for Red Flags
   Be cautious of social engineering red flags, such as urgent messages or offers that seem too good to be true. If something appears suspicious, it probably is.

Conclusion

Smishing scams are on the rise, particularly during periods of heightened fear or uncertainty, such as natural disasters or global crises. Protecting yourself against these scams requires vigilance and awareness. Remember, legitimate organizations will never ask for personal information through text messages. If you receive a suspicious message, contact the organization directly through a trusted channel to verify its authenticity. Staying informed and cautious can help you avoid becoming a victim of smishing scams.