Back to Blog

Smishing: The Phishing Scam That Targets Your Phone

Emma Woods

Smishing is becoming one of the most commonly used variants of phishing. This very simple method of phishing is fooling many people daily. Why is it so successful?handsom man using his phone to text in work

Whether you're doing online banking, shopping or just going through your emails, the risk of becoming a victim of fraud is higher than you might think. Phishing techniques are only getting more sophisticated - as exemplified by the phenomenon of smishing.

What is smishing?

Smishing is short for “SMS phishing”. Similar to our computers, our mobile phones can be a target for hackers looking to steal information. There are billions upon billions of text messages sent and received across the globe every day, and a growing number of these messages are now spam, phishing, or other malicious attacks.

Many of us assume that mobile phones are safe. Whether we're sending a quick text or browsing through social media, it's hard to imagine that the security threats we encounter on our PCs and laptops can be transferred into the palms of our hands - but that's exactly what smishing does.

Like email phishing, a smishing attack attempts to either trick us into downloading a harmful virus onto our mobile phones or trick us into giving up our personal data. With the use of Short Message Service (SMS) systems, the attack comes in the form of a legitimate-looking text message. This type of attack has been around for well over five years, but it's only recently that smishing has truly started to strike fear in the eyes of the security minded.

What do smishing messages look like?

text message screenshot ofa phishing attempt

Much like the most common types phishing attacks, smishing messages may urge you to reply immediately to stop something bad from happening. For example, the message might appear to be from your bank, telling you that your credit has been compromised and you need to verify your account straight away using a web link (which will actually direct you to a phishing website that aims to steal your personal data).

This is the main reason why so many smishing attempts are successful - cyber criminals prey on this rapid responsiveness. The messages often contain a level of urgency to encourage you to act quickly. They may be offering you something for free (“The first 15 responses win a £100 Amazon voucher") or they might advertise an unmissable discount that is only available if you “ACT NOW!”.

close up of a young girl scrolling through her mobile phone

Who are the main targets?

A main target of smishing has so far been banking customers, although there are many other types of victims, where as phishing has a much wider target of victims. Messages often aim to trick customers into thinking they are being contacted by their bank, and then steal information that should be kept secure.

Santander customers have especially been in the news recently, where some have been scammed out thousands of pounds. One customer narrowly avoided becoming a victim of smishing after she received a text message saying her Santander account had been blocked. The text, which appeared in a message thread in which she had previously received genuine Santander messages, directed her to click on a link to reactivate her account. 

How can you protect yourself from SMS phishing scams?

One thing to remember about phishing is the attack can only cause damage if you take the bait. They're are a few simple steps you can take to protect yourself from SMS phishing scams.

Like any cyber attack, vigilance is the key to protecting yourself:

  • Be alert to the fact that any texts claiming to be your bank might not be genuine.

  • Never give away any private or financial information by text.

  • Avoid clicking any links sent from unknown senders - and even if it seems to be from someone in your address book, if it looks iffy, trust your instincts.

  • Think carefully before replying to any unexpected text that urges for a quick response – this is often a scare tactic.

  • If your phone has the capability, block the number to prevent further messages.

  • Never call the number of an unknown texter.


Phishing Awareness Kit

Related Posts

The Complete Guide to Phishing Scams

Image of Elliot Bolland
Elliot Bolland

Phishing is an online scam where a cyber criminal (usually impersonating a trusted company or...

Read more

Your Complete Guide To Employee Phishing Scams

Image of Elliot Bolland
Elliot Bolland

We've all heard of them by now, but do your end-users really know how to spot a phishing scam?...

Read more