What Is a SMiShing Scam?

Definition & Examples of SMiShing Scams

Upset woman looking at her phone
••• valentinrussanov/E+/Getty Images

A SMiShing scam involves an approach by text message that is made to appear as if it is from a bank or other legitimate operation.

What Is a SMiShing Scam?

Most people are familiar with standard phishing scams, where an unsolicited email asks you to provide sensitive information to identity thieves. But thieves continue to change their tactics, and you’re increasingly likely to get text messages requesting your response in SMiShing scams. SMiShing scams might also be designed to infect your mobile device with malware or to encourage you to visit dangerous websites from a desktop computer.

How a SMiShing Scam Works

You’ll get a text message on your phone or another messaging system asking you to verify information, but the sender is not really who they say they are. Most thieves know better than to ask for your Social Security Number directly; instead, they’ll trick you into replying to an “important” issue with one of your accounts.

Messages might say you’ve signed up for a payment you don’t recognize and that your credit card or bank account will be charged unless you reply to the message.

Alternatively, you might get a message saying somebody tried to charge your account, and the security department wants to verify the transaction with you before approving it. Of course, there are no pending charges, and thieves are hoping you’ll respond to clear up the error. As part of that process, they’ll get as much information as they can out of you by asking for:

  • Your Social Security Number
  • Your credit or debit card number
  • Your zip code, which helps them use your card number if they already have it
  • Your bank account number or routing information
  • The name of the bank or credit card you use, which they can use later in spear phishing attacks personalized to you

Con artists use a variety of techniques to trick people into giving out information or clicking on links. SMiShing is not new, but some people are less cautious with text messages than they are with standard phishing scams. Plus, people tend to have their mobile devices everywhere they go, and it may be possible to catch them in a busy or distracted moment.

Texting still has a semblance of intimacy and is a preferred method of legitimate communication by many financial institutions.

These messages are a form of social engineering, where identity thieves take advantage of assumptions their victims make and the realities of increasingly busy and noisy lives.

Alternatives to Becoming the Victim of a SMiShing Scam

To protect yourself from SMiShing, use the same caution with text messages and instant messages that you already use with email:

Look at the Source

Check the number that’s sending you messages, but be aware it’s easy for thieves to spoof caller ID and make it look like the message is coming from a different number. For example, they might know what phone number your bank uses and copy that number so you’re less suspicious. If the number is completely unrecognizable, that’s a red flag.

Take Action Separately

If there’s a problem with your account, you have several options for fixing the problem—you don’t have to do it all by responding to that text message. Avoid clicking on links or answering questions if you’re not confident about a request. Instead, contact your bank or credit card company using a number you know is legitimate. For example, use the number on the back of your card or contact customer service while you’re logged in to your account.

Quiz the Sender of the Text

If friends or family ask for personal information, make sure you’re really talking to a loved one. For example, somebody might want your full date of birth or Social Security Number for an insurance application. Before responding, ask a question or use a joke that only the “real” person knows how to respond to. Instead of writing back, call and provide that information verbally so there’s no written record if one of you loses your phone.

Don’t Install Apps

Never install apps from a link in an unexpected text message. Although some apps and operating systems can help to protect you, you don’t want to give untrusted apps access to your device.​

Key Takeaways

  • A SMiShing scam is one that uses a text message as the contact method.
  • Scammers try to catch people on their phone who are busy or distracted.
  • Never click through on links or download apps send by text.
  • Always verify directly with a bank or anyone trying to reach you.