Smishing – Text Scams

Have you heard of ‘smishing’? It sounds silly, but it’s becoming an all-too-serious problem.

The term is a portmanteau of ‘SMS’ and ‘Phishing’.  Phishing is the use of fake emails that impersonate trusted companies and ask users to click on links to visit a fake website that asks for their account details. Smishing is the equivalent for SMS text messages sent to mobile phones instead.

The principles are the same; both send a message designed to look like it came from a trusted source. Smishing has taken longer to become commonplace as the hardware needed is different and harder to obtain, but smishing is now a rapidly rising form of fraud because text messaging is such a widely used form of communication.  That makes it a highly efficient way to throw out a large number of attacks without failed attacks wasting significant time or effort.

These scammers will manufacture some kind of urgent situation and thus pressure targets into following the message’s instructions immediately rather than stopping to think about whether or not the message is genuine. Common examples include a package being held and requiring an additional payment to cover delivery, or a warning that the recipient has been identified as a contact of a confirmed case of COVID, with instructions to buy tests from a link provided in the message. These kinds of messages are designed to pressure recipients into following a link and making payments to an account, thus unwittingly delivering those details to a scammer.

If you get a text message out of the blue that’s asking for any kind of payment or personal details, it’s advised to check the number the text comes from. If in doubt, look up the company that the message is supposed to have come from and check to see if they recognise the contact number. Never follow a link from a text unless you are certain that it’s genuine. If you’d like further advice on spotting scam text messages, just get in touch.