Today’s technology landscape gives attackers many techniques for luring users into visiting fake sites or URLs. One of them is a form of phishing delivered by SMS to mobile phones, called smishing or SMS phishing.

Smishing is a type of phishing attack in which cybercriminals send SMS messages, allegedly from trusted sources, and trick users into clicking fake links that download “Trojan horse” malware onto their mobile devices.

Why is Smishing so Popular?

Smartphones are everywhere today: every adult and a growing share of the younger generation carry one at all times. Cybercriminals can use this technology to readily send fake SMS messages containing malicious links to thousands or millions of random number combinations. Sadly, mobile devices have no option to block or flag spam or fake messages. The SMS is presented as coming from banks, government agencies or telecom networks; hackers use this social engineering technique to obtain personal information from users, such as banking credentials, account numbers and other sensitive details.

Such attacks have increased during the COVID pandemic, which has become a technology disaster, creating fear and panic among the public, who may fall prey to such attacks.

How is Smishing Done?

In this technique, victims are usually guided through misleading, self-damaging steps, such as activating coupon codes by logging in to a website, activating a credit card, checking their bank account balance, or claiming a prize through a malicious link. Attackers often impersonate banks, health care agencies, telecom providers and similar organizations. They frequently rely on hooks that users fall for easily, for example a message that says “offer which might expire within a day”. Combining the SMS with a phone call or a legitimate-looking website makes the attack appear even more trustworthy.

Smishing Attack Example

  1. An SMS message, supposedly from the bank, claiming that the account is locked.
  2. Messages about credit card activation and logins.
  3. Messages from Amazon, Flipkart, or any other online shopping site announcing an offer that ends in a day or two, to trick users into clicking.
  4. The most frequent and famous SMS technique, in use for a long time: messages about prizes and amounts to be claimed by submitting personal details.
  5. Messages containing dining offers, from 50% off to almost free with beverages, from top hotels and restaurants.

How to prevent smishing and protect yourself?

– Don’t click on a reply link or phone number in a message if you are not sure about it.

– Don’t store banking or credit card details, etc., on a smartphone, where it is easy for hackers to steal the information from the device.

– No government institution, merchant or bank will ask users to update their personal details through SMS links. Inform your agent or organization in case of doubt.

– Check the message’s authenticity before clicking on the sender’s websites and official links.

– Always delete suspicious messages from the inbox.

– You can always block or report unknown numbers that seem to be spam on Apple and Android devices.

– Watch for sender numbers like “5000”, which look like real phone numbers but carry malicious messages sent via email.

– Don’t text “STOP” in reply; it only increases other spam messages by confirming that your number is still active.
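
The checks above can be partly automated. The following is an added example, not part of the original article: a heuristic triage function that flags the lure types listed earlier (locked account, expiring offer, prize, login request), links that do not belong to the brand named in the message, and short numeric senders such as “5000”. The `OFFICIAL` allowlist, the `examplebank` placeholder, the regex patterns and the sample messages are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumed allowlist (constructed): brand keyword -> domains the brand really uses.
OFFICIAL = {"amazon": {"amazon.com", "amazon.in"}, "flipkart": {"flipkart.com"},
            "examplebank": {"examplebank.example"}}  # placeholder bank
# Lure patterns modelled on the message types listed in the article.
LURES = {
    "urgency": r"\b(expires?|ends?|within)\b.{0,20}\b(today|day|hours?)\b",
    "account_locked": r"\b(account|card)\b.{0,30}\b(locked|suspended|blocked)\b",
    "prize": r"\b(won|winner|prize|claim)\b",
    "credential_request": r"\b(log ?in|verify|update|activate)\b",
    "too_good_offer": r"\b(\d{2,3}% off|free|coupon)\b",
}
URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.I)

def host_of(url):
    """Return the lower-cased hostname of a URL found in message text."""
    url = url.rstrip(".,;:!?)")
    if not url.lower().startswith(("http://", "https://")):
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()

def is_official(host, domains):
    """Exact match or true subdomain; 'amazon.com.evil.example' does not pass."""
    return any(host == d or host.endswith("." + d) for d in domains)

def assess(sender, text):
    """Return (suspicious, reasons) for one SMS; a signal for review, not proof."""
    reasons = [n for n, pat in LURES.items() if re.search(pat, text, re.I)]
    hosts = [host_of(u) for u in URL_RE.findall(text)]
    for brand, domains in OFFICIAL.items():
        for h in hosts:
            if brand in text.lower() and not is_official(h, domains):
                reasons.append(f"link_not_{brand}_domain:{h}")
    if re.fullmatch(r"\d{3,6}", sender):
        reasons.append("short_numeric_sender")  # e.g. "5000"
    return any(r.startswith("link_not_") for r in reasons) or bool(hosts and reasons), reasons

# Constructed sample messages, not real traffic.
SAMPLES = [
    ("5000", "Your ExampleBank account is locked. Verify now at http://examplebank-secure.example/login"),
    ("+15555550100", "Amazon offer: 50% off, ends in a day! Claim at www.amaz0n-deals.example/offer."),
    ("+15555550123", "Your Amazon order has shipped. Track it at https://www.amazon.com/orders"),
]
if __name__ == "__main__":
    for sender, text in SAMPLES:
        print(assess(sender, text))
```

Legitimate senders also use short codes and urgent wording, so treat the output as a reason to verify a message through the organization’s official channel rather than as a verdict.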


A. How to report smishing?

There are ways to report smishing attacks:

  1. First of all, you can report it in the messaging app in which you received the message. Check for the option to report it as spam or to block unknown callers.
  2. Report it to the organization the SMS claims to come from.

B. What are phishing and smishing attacks?

Phishing attacks arrive as spam mail in email inboxes, whereas smishing arrives as SMS messages on smartphones; both aim to lure users into becoming victims.

C. What is the difference between smishing and vishing?

Smishing uses SMS messages received on mobile phones, while vishing uses voice calls (voice or VoIP phishing) to trick users into revealing their personal information and the like with social engineering techniques.

D. What is a smishing virus in simple words? Is there something called a smishing virus or not?

Smishing is a social engineering attack that tricks victims into using fake links and promo codes sent by hackers. It installs a Trojan horse virus if the user clicks the malicious link in the received SMS.

By Michael

The writer of Infohaunt is a cyber security professional with experience in SOC operations, threat management, incident response, threat hunting and digital forensics.