Reverse Phone Search

Start your FREE search
The following is for informational purposes only

What is Smishing and How to Prevent It

What is Smishing and How to Prevent It

Text messaging (SMS) is now the preferred method that most people use to communicate. Studies show that users read 98% of all text messages seconds after receiving them. Additionally, recipients respond to 45% of those text messages. Using text messages can be fun and useful, especially when you need to reach someone quickly. However, it can also be annoying to get texts from people you don’t want to hear from or know.

Due to the popularity of text messaging, marketers have caught on, and so have scammers, and they have begun using this venue as another way to reach targets.

Smishing Definition

Technically, smishing is a form of phishing where cybercriminals use text messaging to trick, deceive, or ensnare an unsuspecting victim into providing personal details or money. It is basically another form of a cyberattack.

What is Smishing vs. Vishing vs. Phishing?

What is Smishing vs. Vishing vs. Phishing?

Phishing and vishing have been around for a long time. Both are types of attacks perpetrated by criminals. The term “phishing” means to attempt to trick someone into revealing information (like putting out a fishing pole until you get a bite). Phishing is conducted via email and can be devastating to the victim if they click a link or call a phone number. Scammers use various techniques to trick you into giving them usernames, passwords, and other private information so they can steal your identity or just your money.

Phishing evolved to include phone calls hence the term vishing (voice + phishing). Scam calls are on the rise and one of the top complaints brought to the FTC. Victims lose an average of $1,000 through this type of attack.

In keeping in line with the popular buzz words, a new variation has cropped up to describe the onslaught of spammy text messages we all get. It is called “smishing,” which is a combination of SMS and phishing. Criminals text you, pretending to be someone else, and often include a link that takes you to a malicious website where your device is infected with malware, a virus, or ransomware.

How Does a Smishing Scam Work?

How Does a Smishing Scam Work?

Some of these smishing scams are designed to trick you into thinking it came from a political party or brand you like. You may see a link, and the text message asks you to click it for a quick discount or cast your unofficial vote. If you click the link in a text, your device may be infected with ransomware, a virus, or spyware that tracks your keystrokes so thieves can get into your bank accounts. Some of this malicious software is designed to steal your identity or take control of your phone and then demand a ransom payment to unlock your stuff.

Another way scammers use smishing to mess with you is they direct you to online forms, where you enter your information (verify your password or username), and the scammers intercept it. They may even design a website to look like a legitimate login, but it’s not, you have simply entered your credentials into a fake website, and now the cybercriminals have them.

Scammers have become very clever, and another way they trick you is to troll your social media habits looking for brands you engage with and other personal details they can use to hook you in. They may send a personalized text message with some details making it sounds like they are from a legitimate company wanting to connect with you or get your feedback. But these are really just smishing attempts disguised as something else.

Another popular phone scam (vishing) is when a scammer pretends to be a tech support representative from a company like Apple or Microsoft. Thieves have modified this one for texting. The criminals send you a text message alerting you to a problem with your device or software and urge you to call them quickly or click a link to fix it. If you do, your device may be infected, or if you call, they will attempt to get a credit card or banking details from you or worse, usernames, and passwords to your accounts. Don’t fall for this or any other smishing attempts.

Examples of a Smishing Scam

There are hundreds of different examples of an SMS phishing scam. The most common is a bank smishing scam where fraudsters try to obtain your username/password to your bank accounts so they can drain them of your funds. How this works is they use fear to get you to act without thinking. They may send a text message pretending to be your bank alerting you about a problem with your account or some unauthorized access to your account, and they want to help fix it quickly. They may provide a phone number to call or a link. Without thinking, you pick up the phone and answer all the questions, and now criminals have your bank accounts. The problem with this is that many banks include text alerts with their services, so unwitting victims don’t know the difference until it is too late.

Examples of a Smishing Scam

Another common technique that scammers will use is to send you a text from a spoofed phone number, so it looks legitimate. The message will most likely include a link for you to click on. Once you do, your phone will download a virus or malware, and you will have to pay to have it removed. The most common scams use some form of malware, spyware, or ransomware to steal your information and your money.

Other examples may include dating scams or fraudulent smishing texts pleading with you to send money to help a family member in trouble. Some more devious scammers will send texts that look like they came from a friend. Criminals can peek into your social media accounts and get a lot of information, so it’s easier to be caught by these smishing scams than you might think.

Many of these scams use fear or greed (you won a prize all you have to do is pay a fee) to get someone to click or call. Others may offer you help to pay off your student loan or a great rate on a new credit card. These types of lures are designed to tap into your insecurity and fears about money. Don’t be a victim.

According to the FTC, some scammers send text messages with an invoice you must pay for something you never ordered, and they instruct you to contact them if it is in error. Another common ploy is to send a text message package delivery alert. Scammers know everyone loves to receive packages in the mail, and it might just entice you to click or call.

How to Prevent Becoming a Victim of Smishing

With the rise in phishing scams, users become more educated about the dangers and suspicious of emails from people they don’t know. They are also less likely to click links contained within the email after reading articles and guides like this one warning them of the potential danger. Therefore, criminals have moved a lot of their operations to the SMS platform to be more effective. Thankfully, there are ways you can protect yourself and prevent smishing.

How to Prevent Becoming a Victim of Smishing
  • Be very suspicious of text messages that come from anyone you don’t know, especially those without a full phone number (e.g., 5000).
  • Watch out for poor grammar and spelling (a big indicator that it comes from a non-English speaking scammer).
  • Never click on a link inside a text message. Instead, visit the legitimate website, log into your account, and check things that way.
  • Never, ever provide passwords or usernames to anyone. Banks and other legitimate companies will never ask for this information.
  • Do not provide payment details, especially if you don’t know who you are talking to.
  • Watch out for anything that urges you to act quickly or creates panic in you like a “warning” that something is wrong. Take a minute to verify the sender’s address and phone number before taking any action.
  • Type in URLs into a clean web browser, never use links provided in email or text.
  • Always keep up-to-date antivirus and anti-malware software on your device and run deep scans often.
  • Even if the text looks like it came from a trusted friend, reach out to them another way to confirm.
  • Consider a mobile device VPN which encrypts all your online actions and protects against many forms of smishing.
  • Never install third-party apps from someone you don’t trust.
  • If you receive a text that you have won a prize or are being offered a “big discount,” ignore it, it is a scam. Anything that sounds “too good to be true” is.
  • Do not store your personal banking and credit card information on your cell phone. If you are a victim of smishing, thieves could ransack your accounts before you even know it.
  • Ignore all smishing attempts and delete the messages immediately. Block the number so they cannot continue to harass you.
  • Be aware that the IRS and Social Security Administration will never contact you via text message.

If you are a victim of smishing, report it to the United States Federal Trade Commission (FTC). They have a simple complaint form you can easily fill out online or call them directly to file a report.

Reverse Phone Search