Smishing

What is smishing?

Smishing is a type of phishing attack carried out through SMS or text messages. The term combines short messaging service (SMS) and phishing. In smishing, attackers use social engineering tactics, typically creating a sense of urgency or curiosity, to pressure the victim into acting immediately on the message. These attacks are designed to steal login credentials, personal or financial information, or to install malware on the victim’s device.

How does smishing work?

Attackers send a carefully crafted text message designed to:

  • Create a sense of urgency, fear, or curiosity.
  • Look like it is from a legitimate source (banks, courier services, government agencies, etc.).
  • Prompt the user to take immediate action, such as clicking a link or calling a phone number.

If the recipient falls for the message and follows the instructions, the attack progresses in one of two ways:

  1. If the user clicks the link,
    • They may unknowingly install malware (often spyware) that gives attackers access to their device or data.
    • They may be redirected to a fraudulent website that mimics a legitimate one and tricked into entering personal or financial information.
  2. If the user calls the number,
    • They may speak to a scammer posing as customer support, who uses social engineering tactics to extract sensitive information such as bank details, login credentials, or identification numbers.

Once attackers obtain the victim’s information, they may use it for:

  • Identity theft
  • Financial fraud

Common smishing attacks

Smishing attacks come in many forms. Below are some of the most common types of smishing text messages you may encounter:

  • Fake delivery notifications: Messages claiming there’s an issue with your parcel delivery that requires quick action. Example: “Your parcel is on hold. Pay $5 to proceed.”
  • Banking security alerts: Fake warnings about blocked cards or suspicious activity to steal banking details. Example: “Your card is disabled. Reactivate now.”
  • Government impersonations: Scammers pretend to be tax or other government authorities to collect personal information. Example: “Your PAN will be suspended. Update details.”
  • Prize or lottery messages: Texts claiming you’ve won a reward you never signed up for. Example: “You won ₹10,000 cashback. Claim here.”
  • COVID-19 scams: Messages offering vaccines, health benefits, or relief funds through suspicious links. Example: “Book your free COVID booster today here.”
  • Account verification requests: Threats that your account will be closed unless you verify it immediately. Example: “Your account will be deactivated. Verify your account details now.”

Warning signs of smishing attacks

If you notice any of the following red flags in a text message, treat it as a potential smishing attempt and stay alert:

  • Urgent or threatening language designed to pressure you into acting quickly.
  • Messages from unknown or suspicious phone numbers.
  • Requests for personal or sensitive information.
  • Prompts to click on links, especially shortened or suspicious URLs.
  • Poor grammar or spelling errors in the message.
  • Unsolicited messages that you weren’t expecting.
  • Offers that seem too good to be true, such as prizes, rewards, or unexpected discounts.
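
The red flags above can be turned into a simple first-pass triage check. The following is an added example, not part of the original glossary entry: the keyword lists, shortener hosts, flag names, and the links appended to sample messages are constructed assumptions for illustration, and keyword heuristics like these will produce both false positives and misses.

```python
import re
from urllib.parse import urlparse

# Keyword lists and shortener hosts are constructed for illustration, not a vetted ruleset.
URGENCY = re.compile(r"\b(now|immediately|today|on hold|suspended|disabled|deactivated)\b", re.I)
SENSITIVE = re.compile(r"\b(pay|verify|update|reactivate)\b", re.I)
TOO_GOOD = re.compile(r"\b(won|prize|lottery|cashback|free|reward)\b", re.I)
URL = re.compile(r"https?://\S+", re.I)
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}

def red_flags(text, sender_in_contacts=False):
    """Return which of the warning signs listed above this message exhibits."""
    flags = []
    if URGENCY.search(text):
        flags.append("urgency")
    if SENSITIVE.search(text):
        flags.append("sensitive_request")
    if TOO_GOOD.search(text):
        flags.append("too_good_to_be_true")
    if not sender_in_contacts:
        flags.append("unknown_sender")
    for url in URL.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if host in SHORTENERS:
            flags.append("shortened_link")
        elif re.fullmatch(r"[\d.]+", host) or "xn--" in host:
            # Raw IP address or punycode host: unusual for a legitimate brand message.
            flags.append("suspicious_link")
        else:
            flags.append("link")
    return flags

def triage(text, sender_in_contacts=False):
    """Two or more content-based flags: treat as potential smishing."""
    content = [f for f in red_flags(text, sender_in_contacts) if f != "unknown_sender"]
    return "suspicious" if len(content) >= 2 else "review" if content else "ok"

# Sample messages: the glossary's own examples, one with a constructed link appended.
SAMPLES = [
    "Your parcel is on hold. Pay $5 to proceed.",
    "Your card is disabled. Reactivate now: https://bit.ly/x1",
    "You won ₹10,000 cashback. Claim here.",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(triage(msg), red_flags(msg), "|", msg)
```

A "review" result, as for the cashback message, shows why a single weak signal should prompt verification through official channels rather than be treated as a verdict.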

How can you protect yourself?

  • Avoid clicking links in messages from unknown or suspicious senders.
  • Verify the sender’s identity through official channels. For example, if a message claims to be from FedEx, call their official customer service number to confirm.
  • Enable multi-factor authentication (MFA) on all your sensitive accounts so that compromised credentials alone are not enough for attackers to access them.
  • Use spam-identification tools like Truecaller to identify unknown senders, block spam numbers, and filter suspicious SMS.
  • Pay attention to spam alerts from your carrier.
  • Keep your mobile device updated with the latest software and security patches.
  • Be cautious of urgent or threatening messages, as they are common smishing tactics.
  • Block and mark suspicious texts as spam and report them to your carrier for further action.