Smishing: Do You Know What is It? (don’t bite the bait!)

What is Smishing?

On my last article, I spoke about Phishing and how these email messages try to urge people into voluntarily, expose their private information. Now, exactly with the same goal, the messages are sent using SMS (Short Message Service) text messages. SMS Phishing is what is called Smishing.

These as well, will pretend to be sent from known and trusted senders (your Bank, Service Provider, Social Network, etc) and again, will express some kind of urgency action from you, or even an extra special free gift (with extra-short expiration time for urgency!).


These are higher risk, as most people nowadays are already up to a level, wary of email but almost blindly trusting SMS! So, if you receive a text message on your phone from you bank, rushing you to click a link, stop! Don’t, please…

Know how to be ready

Both phishing and smishing are social engineering techniques, which use the human psychology to allure people into expose private data. So these are my basic recommendations:

1. Do not trust any communication which needs an urgent action/reply from you:

If you get a message from your bank requesting some action, just login and/or call using the usual link or phone number (if not bookmarked/saved, just go to the official site/back of your bank card)

2. If you are not sure, or distracted and open the link:

Check if the site starts with HTTP or HTTPS. Being HTTP, is not genuine (note that unfortunately, the https is not a guarantee of authenticity though)

3. Look for misspelling or bad grammar and timing:

These messages are often written in a hurry and/or not the first language of the cybercriminal. Unfriendly hours receiving “urgent” messages is another sign

4. If it is too good to be true, do not believe it:

If it is an extra-tempting offer, do not be tempted and if you still want to check, just follow the next point

5. Consider your private information as your treasure:

Stop the moment you get to a point where something or someone is asking for private information, like, PINs and passwords.


Now that you have realized that the SMS phishing is also a threat, you are more secure.

But in addition to our advices to help you to not be a victim of these attacks, do you know what actions you can take to prevent this attacks?

P.S. Do you knew that the DMARC, SPF and DKIM can help you to prevent these attacks?

Find out in my next article how they can be useful.

Leave a Reply

Your email address will not be published. Required fields are marked *