As society becomes more “mobile-first”, scammers are adapting their phishing schemes – usually done by email – to target mobile users via text messages. This is also known as smishing. 

What is smishing?

Smishing – SMS (or text) phishing – is when cybercriminals send fraudulent text messages to trick you into clicking on a malicious link. Their aim is to steal your personal data, which they can then use to commit fraud or other cybercrimes, such as stealing money or company data.

Cybercriminals usually use one of two methods to steal your data: 

  1. Malware – getting you to download malicious software to your phone, which the criminals can then use to access it whilst tricking you into typing confidential information
  2. Malicious websites – sending you to a legitimate-looking website where they ask you to type in confidential information

How to identify smishing

As with phishing attacks, criminals will often pose as a legitimate company – such as your mobile or internet service provider – offering you a deal or special offer with a link. They might also pretend there is a problem with your phone that you need to solve by visiting a specific website. Many attackers are also able to hide their true number using a method called “spoofing”, so even if it looks like your phone company is texting you, it might not be.

In most cases, it’s best to ignore these text messages, particularly if they’re contacting you about a special offer. Remember, if it sounds too good to be true, it usually is. 

If the message conveys some sort of warning, it’s always best to check with the organisation directly, preferably in person if they have a physical store, or by finding the official phone number yourself. In general, be wary of clicking links in text messages, especially if you don’t know the company or the person contacting you.