Skip to main content


Home War texting

War texting

(also SMS hijacking, SMS spoofing)

War texting definition

War texting, also known as SMS hijacking or SMS spoofing, is a cyber attack that exploits vulnerabilities in mobile networks to gain unauthorized access to a victim’s mobile device. In war texting attacks, cybercriminals send specially crafted SMS messages to the target's phone, tricking the device into executing commands or revealing sensitive information.

See also: active attack

How war texting works

  • Attackers send SMS messages containing malicious code or instructions to the target's phone.
  • These messages might look harmless or pretend to be from real companies, but they carry instructions or code that may cause damage or perform malicious actions on the phone.
  • The SMS messages are carefully crafted to exploit vulnerabilities in the phone's operating system, messaging applications, or the mobile network itself.
  • Once the target's phone receives the malicious SMS, the vulnerabilities are triggered, allowing the attacker to execute specific commands on the device.
  • The attacker may use the exploited access to gain control over the device, steal sensitive information, or conduct further attacks.

How to prevent war texting attacks

  • Be cautious with text messages. If you receive a message from an unknown number, avoid clicking on links or responding to it. Never provide personal information in messages.
  • Enable two-factor authentication. Using 2FA means completing specific actions requires additional verification — like a one-time code sent to your phone. 2FA provides an extra layer of security against unauthorized access.
  • Be mindful of where sharing your phone number online. When asked for a phone number online, think twice before giving it. War texting attackers rely on obtaining your phone number from publicly available sources and databases. Limiting where you share your number online reduces the chances of a war texting attack.