Smishing

Updated: 12/26/2023 by Computer Hope
Scam Alert in red lettering surrounded by a red rectangle.

Smishing is a fraudulent action like phishing that utilizes SMS (short message service) messages rather than e-mail to send bait messages to people.

Much like phishing, a smishing message appears legitimate, asking for personal or financial information by requesting you visit a website or call a phone number. Smishing messages often create a sense of urgency with scenarios such as an account being deleted or an ATM (automated teller machine) card being suspended.

How to spot a smishing message

The most common telltale signs of a text message being smishing are listed below.

  • Starts with words like Action Required, Act Now, Alert, Compromised, or Urgent.
  • You are told to click a link and log in to confirm an account.
  • A statement about a package not being deliverable and requires you to access a link to confirm personal information.
  • Any urgent request asking you to provide credit card information.
  • Addresses you by your e-mail address or phone number or something generic like "Dear user."

Below is an example of a smishing message that tries to get you to click a link and provide login credentials for a bank account. Notice how it attempts to convey a sense of urgency and potentially create panic to get you to act quickly without thinking.

Example of a smishing message.

How to avoid being a victim of smishing

Here are some tips to avoid being a victim of smishing:

  • If the message conveys a sense of urgency, do not panic; stay calm and review the message carefully. If it sounds even a little suspicious, avoid taking any immediate action.
  • Do not reply to the text message. Like responding to a spam e-mail, this verifies the phone number is active and may result in more smishing attempts. If you aren't sure about its legitimacy, call the related company directly to confirm if the text is legitimate or a scam.
  • Do not access website links or call any telephone numbers in the text message. Again, it is better to contact the referenced bank or company directly with any questions.
  • If a "Report Junk" or similar option displayed below the text message, report the message to your phone carrier. Reporting these types of messages allows your carrier to investigate further and block future messages from the sender.

Phishing, Security terms, Social engineering