Smishing
SMS phishing - using text messages to trick victims into clicking malicious links or revealing sensitive information.
Also known as: SMS Phishing, Text Message Phishing, Text Scam
Category: Concepts
Tags: cybersecurity, security, fraud, attacks, mobile
Explanation
Smishing (SMS phishing) is a social engineering attack that uses text messages to deceive victims. Attackers send fraudulent SMS messages designed to trick recipients into clicking malicious links, downloading malware, or revealing sensitive information like passwords and credit card numbers.
Smishing exploits several factors: people tend to trust text messages more than emails, SMS has higher open rates (98% vs 20% for email), mobile screens make it harder to inspect URLs, and the informal nature of texting lowers our guard. Messages often create urgency to prompt immediate action without careful consideration.
Common smishing scenarios: 'Your package couldn't be delivered - click here to reschedule,' 'Your bank account has been locked - verify your identity,' 'You've won a prize - claim it now,' 'Unusual login detected - secure your account,' or fake two-factor authentication requests.
Defense strategies: never click links in unexpected text messages - instead, go directly to the official website or app. Be suspicious of messages from unknown numbers claiming to be companies you do business with. Legitimate organizations rarely ask for sensitive information via SMS. Report suspicious messages to your carrier (forward to 7726/SPAM in many countries) and delete them. Enable spam filtering on your phone.
Related Concepts
← Back to all concepts