What is Smishing and How to Defend Against It

  • By David Lukic
  • Feb 23, 2022

People depend on text messages for much more than sending emojis during boring meetings. People send 13 trillion texts worldwide every day, averaging 13 for each person. But there are hazards to so much texting, particularly the potential for smishing.

What is the smishing definition? Smishing is sending fraudulent text messages that appear to be from a trusted source, such as a bank or school, asking for personal information or a PIN number to steal information or funds. Smishing’s email-based twin is phishing.

Phishing has been a successful method of scamming people through email, so it’s natural to try it through mobile phones. However, because cell phone use can be unconscious and automatic, younger people are more likely to be victims of smishing attacks. In addition, companies are using SMS and text messages to reach customers at a high rate, so this volume contributes to the difficulty of discerning real from fake messages.

Email phishing attacks require email addresses, but smishing can be done by computers sending a high volume of messages to randomly generated combinations of 10-digit numbers that are likely to be phone numbers. This process is worthwhile for scammers as studies show that unknown emails are only opened about 10 percent of the time, but people open 98 percent of unknown text messages. That means that even getting one or two percent of those people to act on a smishing message could be very lucrative to attackers if they’re able to steal money or personal information as a result. Smishing is so lucrative for scammers that the volume of these messages is growing exponentially.

How does Smishing Work

When your phone is always in your hand, you’re more likely to trust the information that comes through it. Unfortunately, we don’t always take time to think about which app is sending an alert or whether we recognize the phone number that the newest message is from. That’s what smishing scammers count on: their victims are those who make quick, emotion-based decisions to act on a message before verifying its source.

The characteristics of a smishing attack are:

  • The sender pretends to be someone of authority or representing an important institution like your bank, credit card company, school, or representative of your employer.
  • The message requires you to act quickly – the scammer hopes you’ll respond without thinking.
  • There’s an emotional aspect to the fake text, whether it’s fear, greed, or anger.
  • If you look closely, there’s usually something a little “off” about the message, whether it’s a misspelling, an error in your name, or no personal greeting at all (a sign of a broadcast message sent to many people at once).
  • There’s usually some interaction required, whether clicking on a link or typing in a PIN.

Common tactics of smishing attacks are:

  • Claiming that your bank account or credit card has been hacked and you need to “verify your PIN” immediately.
  • Pretending to be your boss who’s away from the office and immediately needs an important account number or password to access sensitive data.
  • Masquerading as a trusted delivery company or online store, a message requiring you to click on a link to accept a package delivery. Unfortunately, this link will download malware on your mobile phone that may be used to hack into your other accounts.
  • Some are as simple as responding to a message that appears to be from a neighbor – “Is this black cat yours?” You’ve confirmed your phone number by responding, making you a target for future attacks.
  • Some sophisticated attacks may direct you to your bank website then launch an overlay screen that captures your PIN number when you enter it.

what is smishing

How to Protect Yourself from a Smishing Attack

Limiting the number of businesses that use your mobile number to send you text messages is one way to prevent some smishing attacks. If you have fewer messages in a day, you’re less likely to blindly respond to one that is an attack. It’s good practice to keep your cell phone number as private as possible because it’s one of many pieces of personally identifying data that may be sold on the dark web for account hacking and identity theft purposes.

Stop and scrutinize any unexpected messages. Things to look for:

  • Scammers may use shortened URLs or extended URLs that are either difficult to decipher or that don’t show up completely in the address bar of your browser. This tactic makes it nearly impossible to determine who you’re responding to.
  • Do not respond quickly to messages that feel urgent.
  • Take a moment to investigate where it came from. If it still appears legitimate, close the message, and call the individual or business using their contact number or information found on an official website.
  • Use a service or reverse phone number lookup tool that verifies phone numbers and train yourself to use it anytime an unrecognized message appears.

Additional Protection

Installing a VPN (a virtual private network) on your phone is another way to protect yourself. VPNs encrypt information and spoof your location, making it harder for scammers to capture and use accurate information from your device.

Updating your virus protection software and keeping your operating system updated are always essential. These steps should minimize data loss and perhaps block malware that may be launched on your phone through a smishing text.

Blocking unknown phone numbers or only accepting messages and calls from known contacts is a good practice if it’s possible. Some people who use their phones for business and personal purposes are not able to block unknown numbers because they depend on incoming calls and messages for work. Also, blocking phone numbers or smishing messages might not be effective. Because sophisticated scammers know how to spoof phone numbers, they can change the incoming number whenever necessary. Experts suggest deleting messages rather than responding in any way.

About the Author
IDStrong Logo

Related Articles

4 Most Common Bitcoin Scams

Scams are creeping into all areas of life these days. Any new type of technology is at risk. Bitco ... Read More

Romance Scams, The Love to Escape from

Scams have been around a long time, that’s nothing new. One of the most disturbing and heartbrea ... Read More

Top 6 Craigslist Scams and How To Avoid It

Craigslist is a website used for localized classified ads. It was founded in 1995 by Craig Newmark ... Read More

Common PayPal Scams & How to Prevent Them

PayPal is one of the top digital currency exchanges in the world. Nearly everyone has heard of Pay ... Read More

The Emergence of Cash App Scams

Peer-to-peer payment apps are all the rage these days. People use them for swapping money back and ... Read More

Latest Articles

Weekly Cybersecurity Recap March 24

Weekly Cybersecurity Recap March 24

Cyber-attacks are a major problem that exposes millions of people to fraud on an annual basis. This week there were attacks on some truly massive organizations like the NBA and PayPal, as well as a cyber security company and a few medical companies.

Independent Living Systems LLC Gets Hacked, Exposing 4 Million Patients

Independent Living Systems LLC Gets Hacked, Exposing 4 Million Patients

Independent Living Systems LLC is a healthcare facility provider for the elderly, physically challenged, and impaired. The company establishes short-term healthcare facilities for those that need extra care.

Rubrik Gets Hit by The GoAnywhere Security Vulnerability: Is Customer Data at Risk?

Rubrik Gets Hit by The GoAnywhere Security Vulnerability: Is Customer Data at Risk?

Rubrik is a security company that specializes in cloud data management services. The company helps store and secure information for customers, and it's vital that it is able to keep that data safe.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an email address