Skip to main content


Home Smishing

Smishing

Smishing definition

Smishing is a cyberattack that is carried out over text messages. Smishing is a variant of phishing, where cybercriminals send out fake texts to convince their victim that it’s from someone they know or trust. Usually, the goal is to steal money or get the person to install malware on their device for further attacks. Smishing could be a message pretending to be from your bank or a government agency asking you to provide personal data. It could also announce you won a contest or the lottery and give you a malicious link to claim it. Fake messages could even come from a person in your contacts list whose phone was infected by malware.

How to recognize smishing

Smishing attempts can be recognized by someone:

  • Trying to create fake urgency.
  • Asking for sensitive information.
  • Using a suspicious phone number.
  • Redirecting, using URL shorteners.
  • Offering unrealistic awards and prizes.

How to protect yourself from smishing

  • Never respond to suspicious messages.
  • Never give out personal information — call and check with the service provider if you’re not sure what to do.
  • Never open links from unknown sources.
  • Use a VPN to improve your security and privacy online.
  • Use additional security software on your phone, like NordVPN’s Threat Protection Pro feature, which stops you from landing on malicious websites.

Watch it explained: Smishing and other terms