FAQ | What’s a ‘Smishing’ Scam? How Can I Protect Myself from Becoming Another Victim?


Unfortunately, there are countless ways for scammers and cybercriminals to try to scam you or get ahold of your information – and the worst part is that they’re constantly coming up with new ways to attack regular people.

One way that might not be as common nowadays is called smishing. This scam tries to trick the victim into believing the criminal is someone they can trust. Here’s everything you need to know about smishing and how you can protect yourself against an attack.

What Is Smishing?

Smishing is a word that comes from Short Message Services, better known as SMS (text messaging), plus the word phishing.

If you don’t know what phishing is, it’s a scam in which cybercriminals send emails pretending to be a company or a person close to the victim to gain trust.

Once they do that, the criminal tries to make the victim share personal information about themselves, visit a website that steals the victim’s login credentials, and/or install malware on their computer or phone.

Smishing works the same way. It’s a type of social engineering attack in which criminals send text messages claiming to be a company, like a bank, and asking for your personal and financial information, like your account name and passwords.

If they succeed, criminals will gain your login credentials and personal information in order to steal from you or get access to your private information. But of course, there are other reasons why someone might target you. 

How Does Smishing Work?

As we mentioned before, it often relies on people’s trust. Criminals will try to convince the victim to share their information claiming they’re a company and that their information is secure. 

Many times they will also give the victim a sense of urgency. For instance, a criminal might say that someone hacked your bank account and stole all your money, and you need to give them your credentials so they can “fix” the problem as soon as possible. It sounds scary enough to convince a lot of people without ever questioning where the message came from. 

  • Usually, the end goal is to get a person’s information so they can log in to the victim’s account and steal their money or information.
  • Still, criminals might also use smishing to try to control your device by installing malware as soon as you open a malicious link. 

They’d be able to get a hold of your smartphone’s information and possibly even retrieve your data, like your contacts, so they can use them to spread their attacks.

What Types of Smishing Should You Be Aware Of?

Criminals use smishing to impersonate many different people, so there’s not just one type of attack you should be aware of. As a general rule, you should try to question every shady text message you get, but these are some common tactics criminals use. 

  1. Text messages saying you won a gift even though you never participated in anything.
  2. Text messages about problems arising in your bank account claiming you need to share your credentials.
  3. Text messages from the government. Because of the global pandemic, scammers started using COVID-19 as a way to attack people.
  4. Texts claiming to be from the IRS saying that you might go to jail for tax evasion or something similar. 
  5. Texts about packages you never asked for that say they need your physical address or payment so you can receive it.

How to Protect Yourself Against Smishing?

As you probably already know, there’s no way to be 100% safe against smishing or any other cyber attacks, but there are ways for you to protect yourself as much as you can against a possible attack.

The first thing you need to know is that if you get a shady text message, avoid sending a reply. Sometimes, scammers will just send a bunch of messages to random numbers hoping for anyone to reply. That way, they know which phone numbers are real and are the ones to target. 

You also need to know that you should never share any private information via text messages. That includes email addresses, passwords, phone numbers, your full name, or any other type of information, especially if the message seems shady or you don’t know the person on the other side.

Don’t ever open a link in a text message from someone you don’t know. Sometimes just a single tap is more than enough to get yourself in trouble.

Speaking of links, make sure it’s a real website if you want to open a link. Someone might send you a link to “arnazon.com” with an “rn” to make it look like an “m.” If you don’t double-check, it might look like a regular Amazon link to you. 
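The “arnazon.com” check described above can be automated. The following is an added example, not part of the original article: it pulls hostnames out of a text message and flags any that collapse to a trusted domain once look-alike character pairs such as “rn” are normalized. It also goes one step beyond the article by flagging a trusted name buried inside someone else’s domain. The trusted list, the look-alike pairs, and the sample messages are constructed assumptions.

```python
import re

# Constructed allowlist of domains the user really deals with (assumption).
TRUSTED = {"amazon.com", "paypal.com", "irs.gov"}
# Character sequences that read as another letter on a small screen (assumption).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s")]
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


def skeleton(domain):
    """Collapse look-alike sequences so 'arnazon.com' compares equal to 'amazon.com'."""
    s = domain.lower()
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s


def registrable(host):
    """Last two labels only; a simplification of a Public Suffix List lookup."""
    return ".".join(host.lower().split(".")[-2:])


def check_host(host):
    host = host.lower()
    base = registrable(host)
    if base in TRUSTED:
        return "trusted"
    for good in sorted(TRUSTED):
        if skeleton(base) == skeleton(good):
            return "lookalike of " + good
        # Trusted name used only as a subdomain label of someone else's domain.
        if host.startswith(good + ".") or "." + good + "." in host:
            return "embeds " + good
    return "unknown"


def scan_sms(text):
    """Return (host, verdict) for every hostname found in a message."""
    return [(h.lower(), check_host(h)) for h in HOST_RE.findall(text)]


# Constructed sample messages, not real traffic.
SAMPLES = [
    "Your package is on hold. Confirm at http://arnazon.com/verify today",
    "Unusual sign-in detected, review: amazon.com.account-verify.net/login",
    "Your receipt is ready: https://www.amazon.com/orders",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(scan_sms(msg))
```

An “unknown” verdict only means the domain is not on the list; it does not mean the link is safe.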

If you’re worried the message might be real, contact the company yourself. Call them or visit their website to make sure there’s actually a problem with your account. If there is a problem, you’ll be able to fix it without giving a lot of information. 

And if you’re worried about the message, try checking the phone number. If it only has a few digits, it’s probably a fake number, or it’s possible that it’s a number from another country. 

Overall, be aware of the text messages and emails you get from any entity. Big companies like banks won’t ever ask you for credentials, especially not in a text message. 
