What is Smishing?

Smishing refers to a type of phishing that occurs via text message. The reason for the different beginning? SMS stands for short message service, another way to refer to a text message. And thus the name smishing replaces phishing. Regardless, other then the difference between how it’s received – email vs. text message – the attack concept is the same. An attacker may include a malicious link in a text message that will either release/download malware immediately when clicked, or lead to a form to steal someone’s personal information.

How to Recognize This Threat: A smishing attack will typically come from an unknown number, so that is an initial red flag. Often, that unknown number may not be a real phone number, rather just a few digits. Even still, the message may claim to be from a reputable company or institution. But know that banks and credit card companies will not solicit personal information via text.

How to Prevent This Threat: In short, don’t click anything in a text message unless you are sure of its origin. If you receive a message from a bank, store, or credit card provider that you do normally work with, confirm its origin another way – either by calling a known customer service number or via direct website contact. Keep sensitive information off of your phone as much as possible as well, so there’s little for an attacker to gain. And secure your business phones with mobile endpoint protection, such as Sophos Mobile Advanced.