
Recognizing Smishing Scams

Michael Kwan

Mobile phones and the Internet have made many daily tasks a lot easier, but they have also opened up several opportunities for criminal behavior. One such example is smishing, a dangerous phenomenon that is becoming increasingly prevalent on cell phones and other mobile devices.

What Is a Smishing Scam?

The term "smishing" is a combination of the terms "SMS" and "phishing."

  • SMS, or Short Message Service, is the technology that is used for sending and receiving standard text messages on mobile phones.
  • "Phishing" is a term that arose with illegal activity on the Internet where criminals attempt to acquire sensitive and personal data, like usernames, passwords, and banking information.

While "smishing" usually refers to messages designed for identity theft purposes sent via SMS on cell phones, the term can also be used more broadly to describe similar activity through other channels. For instance, it is possible to encounter a smishing scam through instant messaging programs and online social networks.

Through smishing scams, people can have their email accounts compromised, they can lose substantial amounts of money, they can infect their mobile devices with viruses and malware, and they can unwittingly sign up for subscription services that charge a fee.

Smishing Versus Phishing

The main difference is that phishing generally refers to this type of activity through e-mail messages, typically involving e-mail "spoofing" where the sender is masquerading as a trustworthy organization or entity. Smishing, on the other hand, typically refers to this activity through text messages and other mobile messages on cell phones and smartphones.

Generally speaking, smishing and phishing are fundamentally the same thing.

  • As with more conventional phishing scams, smishing scams usually use some form of "bait" or "hook" to elicit an immediate response from the recipient of the message.
  • The sender of the message is typically posing as a different authority, like an online store, a financial institution, or a government organization.
  • The message is meant to get the recipient to click on a link or unwittingly provide personal information to the criminal or hacker.

Warning Signs

Many of the warning signs of a smishing scam are similar to the ways to recognize an email scam. Other warning signs include the following:

  • Poor writing: Messages that are very poorly written, often obviously by individuals not fluent in the language, and that contain significant grammatical and spelling mistakes are often smishing scams.
  • Calls for immediate action: A smishing message may say that you will be charged a certain amount of money every day unless you de-activate a service (that you didn't actually subscribe to). It may also say that your account at your bank has been suspended and you must "immediately" reactivate your account by clicking a link.
  • Suspicious links: A smishing message may instruct you to "click here," but the link is disguised and doesn't actually lead to the website that you think it does. The sender may be posing as AT&T, for example, but the link leads to a completely different website with a suspicious URL.
  • Requests to "confirm" personal data: A bank will never ask you to "confirm" your ATM card PIN through a text message or any other form of electronic communication. If the call to action is to "confirm" any personal information, like credit card information, by re-entering it on a website linked in the message, it may be a smishing scam.
  • Amazing offers: Many smishing scams offer "bait" by saying that you've won an incredible prize of some kind. Keep in mind, however, that anything that sounds too good to be true is likely a scam. You can't win a contest that you didn't enter and you aren't going to be notified of an inheritance via text message.
  • Sender is "5000": When you receive a normal text message from a friend or colleague, you can see that the message was sent from a certain phone number. However, automated text messages sent from a website or via e-mail (and thus not from a mobile phone) will show that the message was sent from "5000" or some other non-phone number. That should raise a red flag.
  • Unrelated information: If you receive a message saying that your account with Bank of America has been suspended, but you do not have an account with Bank of America, it is most likely a smishing scam or phishing scam.
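
The signs above that a program can check, turned into a small message triage filter. This is an added example, not part of the original article; the brand allow-list, the sign labels, the `my_accounts` parameter and the sample messages are assumptions made for illustration, and the "poor writing" sign is left out because it needs human judgment.

```python
import re
from urllib.parse import urlparse

# Assumed allow-list of brand -> domains it really uses (illustrative, not exhaustive).
BRAND_DOMAINS = {"at&t": {"att.com"}, "bank of america": {"bankofamerica.com"}}
URL = re.compile(r"https?://\S+", re.I)
URGENT = re.compile(r"\b(immediately|suspended|will be charged)\b", re.I)
CONFIRM = re.compile(r"\b(confirm|verify|re-?enter)\b.{0,40}\b(pin|password|card)\b", re.I)
PRIZE = re.compile(r"\b(you(?:'ve| have) won|prize|inheritance)\b", re.I)
PHONE = re.compile(r"\+?\d{7,15}")  # anything shorter, e.g. "5000", is not a phone number


def registered_domain(url):
    """Naive last-two-labels domain; production code should use the Public Suffix List."""
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])


def warning_signs(sender, text, my_accounts=()):
    """Return the warning signs from the list above that this message trips."""
    signs = []
    lowered = text.lower()
    domains = {registered_domain(u) for u in URL.findall(text)}
    brands = [b for b in BRAND_DOMAINS if b in lowered]
    if URGENT.search(text):
        signs.append("immediate-action")
    if any(domains - BRAND_DOMAINS[b] for b in brands):  # link leaves the brand's domains
        signs.append("link-brand-mismatch")
    if CONFIRM.search(text):
        signs.append("confirm-personal-data")
    if PRIZE.search(text):
        signs.append("amazing-offer")
    if not PHONE.fullmatch(sender):
        signs.append("non-phone-sender")
    if any(b not in my_accounts for b in brands):  # brand the recipient has no account with
        signs.append("unrelated-brand")
    return signs

# Constructed sample messages (not real traffic).
SAMPLES = [
    ("5000", "Bank of America: your account has been suspended. Immediately "
             "confirm your ATM card PIN at http://boa-secure.example/login"),
    ("+15555550123", "Running late, see you at 6?"),
    ("+15555550199", "AT&T: your bill is ready at https://www.att.com/billing"),
]

if __name__ == "__main__":
    for sender, text in SAMPLES:
        print(sender, warning_signs(sender, text, my_accounts={"at&t"}))
```

A message that trips several signs at once, like the first sample, is a much stronger indicator than any single sign; one hit on its own (a short-code sender, for instance) is only a reason to look closer.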

How to Avoid Falling Victim


If there is anything that seems fishy about a message, do not take any action on it and do not click on any links contained within it. The best way to avoid falling victim to smishing scams is to be extra careful about how you handle these messages. You wouldn't give out the PIN to your ATM card to a random stranger on the street wearing the uniform of your bank, so why would you give that information to a faceless entity that asks for the same information through a text message? If you are indeed concerned that your banking information may have been compromised, contact your bank directly rather than clicking on any links in any SMS, IM, or e-mail message. The same is true with service providers, online stores, or any other organization or business.
