Last updated on May 17, 2024

Modern communication is very much dominated and everyone prefers a text message as it’s convenient. Cybercriminals have found this as a good source and tries to deceive people through text messages. Smishing means SMS phishing and it tries to trick recipients to reveal sensitive information or download malicious content.

Different types of Smishing

Smishing attacks can take many forms, but their goal is to trick the victim into revealing sensitive information or doing something to help the attacker.

  • Impersonation scams – The attacker pretends to be an individual / organization. The attack happens through a message which pretends to be from a reputable institute.
  • Tech support scams – Attackers claim that your device or account has been compromised and they need sensitive information to recover the account.
  • Account suspension scams – The scammer sends a message claiming that your bank account / social media or any other account has been suspended and tricks the victim into providing sensitive information pushing them to verify their identity.
  • Missed delivery scams – Attackers send messages saying you missed a package. They ask for personal information to reschedule delivery.
  • Prize / Lottery scams – Messages say the victim won a prize or lottery. They ask for payment or personal details to claim the prize.
  • Charity scams – The scammer asks for donations by pretending to be a charity.
  • Malware link scams – Messages consist of a link that, when clicked, installs harmful software on the victim’s device or takes control of it.

How does a smishing attack happen?

The attacker:

  • writes an appealing message.
  • sends the message.
  • makes up a fake problem – E.g., saying the recipient’s bank account is in trouble.
  • offers a solution – E.g., clicking a link or sharing personal information.
  • gathers information – E.g., the attacker collects data.
  • installs malware.
  • How to defend against smishing

  • Be cautious of messages.
  • Avoid clicking links.
  • Check who sent the message.
  • Install security software.
  • Educate yourself and others.
  • Use two-step verification.
  • Don’t reply to such messages.
  • Report smishing attempts.
  • Source: