Smishing stands for ‘SMS phishing’. Just like email phishing, SMS phishing is an attempt at a security attack in which the phone user is tricked into either downloading a virus or malware onto their mobile device or into giving their personal data over. And while email security features have made it more difficult for phishing emails to reach your mailbox, it is more difficult to distinguish between a genuine and a fake text message.


Thought to have first emerged in 2006, smishing was not as valuable to scammers at first due to the cost associated with sending text messages. However, as the cost of texting has decreased while the number of people who own mobile phones has increased, this has changed.


While many people have become accustomed to filtering through email inboxes that are full of spam, promotional emails and other clutter, most people do not regularly receive unknown or unwanted text messages.


This gives smishers an advantage, because SMS tend to elicit greater response and urgency than emails. People also seem to trust more texts rather than emails, because of the idea that it is more difficult to get hold of one’s mobile number rather then their email address


How does it work? 


Smishing is usually carried away by sending a SMS that contains link to a website. Once they click on the website, the phone owner is prompted to either download a program that allows their phone to be controlled by a hacker or submit personal information like bank login and password.


But how do people get tricked? Smishing uses elements of social engineering to get people share personal information. The messages often leverage your trust or fear in order to obtain information. For example, the message will say that if you don’t click a link and enter your details then you’ll be charged. Or they often aim to trick you into thinking that you’re texting your bank.


An example of a smishing attach is the Argos text scam. The attack targets customers that own an ‘Argos card’  by sending them a text message, informing them that they’re owed a £180 refund and inviting them to click on a link where they can leave their bank details. In another version of the scam customers are told they have a package waiting for them, followed by a URL which directs them to a website offering free iPhones in exchange for bank details.


How can you protect yourself?


Here are a few things you can do to protect yourself from SMS phishing:


  • Never give away your personal details if a text from unknown number requests them
  • Avoid clicking any links from unknown senders
  • Don’t text back. Responding to the text message can allow malware to be installed that will silently collect personal information from your phone.
  • Be extra alert to the fact that any text that claims to be from your bank might not be genuine
  • Block the number to prevent further messages

What is smishing?