What is smishing?
Smishing is a cyberattack that is carried out over text messages. Smishing is a variant of phishing, where cybercriminals send out fake texts to convince their victim that it’s from someone they know or trust. Usually, the goal is to steal money or get the person to install malware on their device for further attacks.
A smishing scam – a portmanteau of “SMS” and “phishing” – uses text messages to target your money, identity, or data. Much like with phishing, it is a fake text message sent by cybercriminals that attempts to trick you into handing over your data or money. Here’s what they might look like:
- A message pretending to be from a government of other official agency asking for your personal data
- A message from a bank asking to send your credit card details or log-in info
- A message with a link that requires your credit card details to download something
- A message stating that someone you know is in trouble and requesting that you send money
- A fake lottery victory that asks you to send them your data to claim your winnings
- Unsubscription messages stating that you should press the link, enter data or pay money to stop using a certain service (which you might never have even heard of)
- A strange fake message from a legitimate or even your friend’s number. An “innocent” device can be infected by malware and send these messages
These are just a few examples. Similarly to phishing emails, hackers could use a wide variety of scenarios. All of them, however, will ask you to take action either by logging into a website, entering your data, etc. They could also provide a fake number to call with a fake representative. But there are ways to identify and prevent this.
How to identify a smishing message
Here are a few red flags to watch for:
- Urgency. Smishing messages will prompt you to act quickly. They want you to act before you have time to think or to have doubts about the message’s legitimacy.
- Sensitive requests. Most legitimate companies take pains to clarify that they will never ask you for your password or credit card info in a message. However, hackers might send you to false links to enter your personal or credit card data, transfer money, or log in to an account.
- Odd phone numbers. If you notice an odd number (e.g., “5000” or similar), that can be another warning. It is usual the indication of an email sent as a text message. Cybercriminals like this technique, but legitimate senders could use it as well.
- Links. The message might include an odd or shortened link that might look legitimate but isn’t.
- Grammar mistakes.
- Unbelievable offers. If it’s too good to be true, it probably isn’t!
How to protect yourself
Here are a few ways how to protect yourself:
- Don’t reply to the message, even if it asks you to reply to prevent further messages. When you respond, you indicate to scammers that you have an active phone number and you will likely receive a follow-up.
- Keep in mind, that official organizations and banks usually do not request your personal info or money this way.
- If in doubt, you should always call the legitimate number of the organization, person or company claiming to contact you and ask whether they really sent the message. Alternatively, you can go to their website or social media page.
- Report the message to your local or national cybercrime law enforcement.
- Use common sense. Do not click on any of the links, do not transfer money or enter your personal data. Don’t download any apps from links in text messages.
- Always make sure your phone and apps have the latest security updates.
- Try the NordVPN’s Threat Protection feature. It neutralizes cyber threats before they can do any real damage to your device. Threat Protection helps you identify malware-ridden files, stops you from landing on malicious websites, and blocks trackers and intrusive ads on the spot.