Your IP: Unknown · Your Status: Unprotected Protected

Blog In Depth

Smishing explained

Nov 22, 2019 · 3 min read

Smishing explained

Have you ever noticed a text message that looks suspicious or is simply too good to be true? Or maybe you got an unexpected text from a bank or claiming that you won something? Don’t be too hasty. A careless click could cost you thousands because it might be smishing – a common scamming technique.

What is smishing?

A smishing scam – a portmanteau of “SMS” and “phishing” – uses text messages to target your money, identity, or data. Much like with phishing, it is a fake text message sent by cybercriminals that attempts to trick you into handing over your data or money. Here’s what they might look like:

  • A message pretending to be from a government of other official agency asking for your personal data;
  • A message from a bank asking to send your credit card details or log-in info;
  • A message with a link that requires your credit card details to download something;
  • A message stating that someone you know is in trouble and requesting that you send money;
  • A fake lottery victory that asks you to send them your data to claim your winnings;
  • Unsubscription messages stating that you should press the link, enter data or pay money to stop using a certain service (which you might never have even heard of);
  • A strange fake message from a legitimate or even your friend’s number. An “innocent” device can be infected by malware and send these messages.

These are just a few examples. Similarly to phishing emails, hackers could use a wide variety of scenarios. All of them, however, will ask you to take action either by logging into a website, entering your data, etc. They could also provide a fake number to call with a fake representative. But there are ways to identify and prevent this.

How to identify a smishing message

Here are a few red flags to watch for:

  • Urgency. Smishing messages will prompt you to act quickly. They want you to act before you have time to think or to have doubts about the message’s legitimacy;
  • Sensitive requests. Most legitimate companies take pains to clarify that they will never ask you for your password or credit card info in a message. However, hackers might send you to false links to enter your personal or credit card data, transfer money, or log in to an account;
  • Odd phone numbers. If you notice an odd number (e.g., “5000” or similar), that can be another warning. It is usual the indication of an email sent as a text message. Cybercriminals like this technique, but legitimate senders could use it as well;
  • Links. The message might include an odd or shortened link that might look legitimate but isn’t;
  • Grammar mistakes;
  • Unbelievable offers. If it’s too good to be true, it probably isn’t!

How to protect yourself

Here are a few ways how to protect yourself:

  • Don’t reply to the message, even if it asks you to reply to prevent further messages. When you respond, you indicate to scammers that you have an active phone number and you will likely receive a follow-up;
  • Keep in mind, that official organizations and banks usually do not request your personal info or money this way;
  • If in doubt, you should always call the legitimate number of the organization, person or company claiming to contact you and ask whether they really sent the message. Alternatively, you can go to their website or social media page;
  • Report the message to your local or national cybercrime law enforcement;
  • Use common sense. Do not click on any of the links, do not transfer money or enter your personal data. Don’t download any apps from links in text messages;
  • Always make sure your phone and apps have the latest security updates.

To learn more about cybersecurity, subscribe to our monthly blog newsletter below!


Paul Black
Paul Black successVerified author

Paul is a technology and art enthusiast who is always eager to explore the most up-to-date issues in cybersec and internet freedom. He is always in search for new and unexplored angles to share with his readers.


Subscribe to NordVPN blog