Smishing=SMS text phishing. Be Skeptical of unexpected text message. Don't take the bait! Information Security Office. Cartoon criminals phishing and smishing with email and text symbols for bait.

Beware of “smishing,” the text-based form of phishing

It's Cybersecurity Awareness Month, and a good time to become aware of "smishing," which is a word blend of "SMS" (short message services, also known as texting) and "phishing." When cybercriminals "phish," they send fraudulent emails that aim to trick the recipient into opening a malware attachment or clicking on a malicious link, and they “smish” when they try to engage potential victims in the same way via text messages.

According to Experian, smishing is a growing threat, with more than 11 billion spam texts sent in March 2022 alone, according to anti-spam app Robokiller. In 2021, 87.8 billion smishing attacks resulted in $10 billion in estimated consumer losses—a 58% year-over-year increase in spam texts.

Security professionals suggest that you take these precautions to avoid becoming a smishing victim:

  • You should regard urgent security alerts and you-must-act-now coupon redemptions, offers or deals, as warning signs of a hacking attempt.
  • No financial institution or merchant will send you a text message asking you to update your account information or confirm your ATM card code. If you get a message that seems to be from your bank or a merchant you do business with, and it asks you to click on something in the message, it's a fraud. Call your bank or merchant directly if you are in any doubt.
  • Never click a reply link or phone number in a message you're not sure about.
  • Look for suspicious numbers that don't look like real mobile phone numbers, like "5000". These types of numbers link to email-to-text services, which are sometimes used by scam artists to avoid providing their actual phone numbers.
  • Don't store your credit card or banking information on your smartphone. If the information isn't there, thieves can't steal it even if they do slip malware onto your phone.
  • Refuse to take the bait—simply don't respond.

For more cybersecurity best practices, read “Top 9 Cybersecurity Habits to Adopt Today,” in the UC Davis Knowledge Base.