August 15, 2022 – Smishing is a form of phishing that uses short messages sent as text messages, or SMS, through smartphones and social media messaging to gain your personal information. Smishing has become popular with hackers since people are likelier to trust a text message from their phone with a known area code or a message through social media chat than their email. Smishing attacks attempt to gather personal, financial, and insurance information and credit card numbers. Smishing attacks generally come in these three forms:

  • Text smishing- Using a text message to your phone, hackers try to steal personal information from you by posing as someone else. Examples include asking you to call a customer service number or clicking on a link in the message to verify some information.
  • Instant message smishing- By using messing freeware such as Facebook messenger or WhatsApp, the hacker creates a fake profile of someone you know and trust. Often, they start a conversation with you, which soon leads to asking you for your personal information.
  • Smart phone smishing- This attack poses as your cell phone carrier offering you a discount, product, service, or phone upgrade. The message urges you to click on a link for the offer, then soon asks you to provide personal information to secure the offer.

According to Earthweb, more than 3.5 billion smartphone users receive spam text messages daily. While most people know the dangers of clicking a link in an email, few know the dangers of clicking links in text messages. Here are more surprising statistics about text and smartphone smishing:

  • Around 378,509,197 spam-smishing texts were sent/received per day in April 2022.
  • On average, Americans receive nearly 41 spam texts per person per month.
  • Less than 35% of people know when they’re becoming the target of a smishing attack.
  • Victims have lost millions of dollars to smishing criminals
  • The tax scam is one of the most common smishing attacks
  • Smishing attackers can rob a victim’s confidential information by operating fake 2FA (two-factor authentication) messages.

Source: Smishing Statistics 2022, July 2022.

Best practices to safeguard against smishing

While an SMS message may seem harmless, you must protect your personal and financial information. Here are some ways to help protect yourself:

#1- Set up SMS spam filters on your smartphone.

On your iPhone, follow these steps:

  • Step 1: Go to the Settings app
  • Step 2: Tap Messages
  • Step 3: Tap on Unknown and Spam under the Message Filtering option
  • Step 4: Turn the Find the Filter Unknown Senders option on

Source: Apple support.

If you have an Android phone, follow these steps:

  • Step 1: Go to the Messaging app
  • Step 2: Tap the three dots icon in the upper right of the screen
  • Step 3: Choose Settings
  • Step 4: Tap Spam Protection
  • Step 5: Turn on Enable Spam Protection by swiping the button to the right

Source: Business Insider.

#2- Contact your smartphone carrier. Your phone carrier may have spam filtering technology that they can help you implement. These specific spam filters may be part of your monthly plan or for an additional cost through these cell phone carriers:

#3- If you get a smishing text, don’t reply and block the number.

Hackers and criminals are always looking for new ways to steal your identity and financial information. It is up to you to stay alert, think before you act, and remember that a smartphone is another tool hackers now use to get to you.

On your iPhone, follow these steps:

  • Step 1: Open the message (do not click on any links)
  • Step 2: Tap on the phone number
  • Step 3: Tap Info
  • Step 4: Tap Block This Caller

On an Android phone, follow these steps:

  • Step 1: Open the message (do not click on any links)
  • Step 2: Tap the three dots icon in the upper right of the screen
  • Step 3: Tap Details
  • Step 4: Tap “Block and Report Spam”