What is 'Smishing'?

Answer: SMS Phishing

For years, cybercriminals have used various methods to ploy people into downloading malware and viruses onto their devices.

Historically, most phishing scams have been limited to desktops/laptops and email. But wait! Cybercriminals are keeping up with the ever-changing tech world. The latest form of phishing is called “smishing” which is where cybercriminals obtain/steal your personally identifiable information (PII) and can even steal your identity all by infecting your smart phone though a text message.

Like traditional malware attacks on laptops and desktops, unaware smartphone users open and click on the link provided in the malware encrypted text message. In most cases, once the user has clicked on the link, the attackers will attempt to trick them into sharing any PII information, such as social security numbers, credit card or checking account info, passwords, and more.

So what do these attackers do with your information?

They sell it, they steal your identity, open new accounts in your name, and the list goes on.

Don’t fall for the silly tactics. They are pretty easy to spot if you know what you are looking for. In an email, you will notice the company they are attempting to look like will be spelt slightly wrong. For example, you bank at SimpleBank, and you receive an email from John.John@SmpleBank.com. Did you spot the error? Simple is missing the ‘i’ in the email.

As far as text messages go, some phishers will state if you don’t click on the link and fill out the form the company will start charging you for that service.

So, how do I prevent from being smished?

Delete and block these senders. Just like phishing emails, don’t click on or respond to anything. If you are concerned that the text is not legitimate, call the number you know for that given company, NOT the number provided in the email or text message.

Avoid using public Wi-Fi. Cybercriminals can easily access your phone though public Wi-Fi, and they are able to watch your key strokes, making it extremely easy to obtain your passwords or account information.  Always make purchases and check banking accounts though cellular data or on trusted networks

Keep an eye on your bank statements and credit reports. It’s always a good practice to keep a close on eye on these statements and look for any new accounts and/or purchases you didn’t make. If you notice something, contact your lender/bank immediately.

Extract has been in the business of protecting PII for the government and healthcare spaces for nearly twenty years. Interested in learning more? Contact us today or visit us here.


About the Author: Taylor Genter

Taylor is the Marketing Specialist at Extract with experience in data analytics, graphic design, and both digital and social media marketing.  She earned her Bachelor of Business Administration degree in Marketing at the University of Wisconsin- Whitewater. Taylor enjoys analyzing people’s behaviors and attitudes to find out what motivates them, and then curating better ways to communicate with them.