What is SMiShing?

If you don't recognize the sender of that text message, delete it! It could be a virus waiting to happen.
If you don't recognize the sender of that text message, delete it! It could be a virus waiting to happen.

People have been scamming their fellow humans since the beginning of civilization. Over the centuries, scenarios got more sophisticated -- think stock market scams and pyramid schemes -- and the stakes got higher. And then the tricksters and conmen of the world finally found their perfect medium: the Internet. The scams of the past seem almost quaint now, compared to our world today where people are routinely robbed of their life savings and even their identities, frequently never even coming face to face with the people who are ripping them off. There are Ponzi schemes, phishing, the ubiquitous Nigerian money transfer con -- and one of the newest tricks of the trade: SMiShing.

SMiShing is a close cousin of phishing that uses text messages on cellphones and smartphones instead of e-mails. The name comes from SMS (Short Message Service), which is text messaging technology [source: T-Mobile]. There are two main types of SMiShing scams:


  1. You receive a text that seems to come from a trusted source, like your bank or credit card company. The message is usually about something urgent -- your credit card has been stolen, for example, or your account has been frozen -- and instructs you to go to a certain Web site or call a phone number to verify your account information. The thieves on the receiving end then use your information to steal money from your account or open new credit cards in your name.
  2. You receive a text, again from a seemingly legitimate contact with another urgent request, that contains an attachment. The attachment downloads a virus or malware that allows the scammers to access everything on your phone -- and possibly even control it [source: FBI].

Now that you know what SMiShing is, click to the next page for tips on protecting yourself against it.


Protecting Yourself From SMiShing

Internet scammers are very good at making e-mails and texts look authentic. The fake text from your "bank" could look exactly like the real thing, so there might be no immediate indication that something's amiss. Take a look at the sender's phone number, though. If it's "unknown" or blocked, that's a dead giveaway that things aren't right -- most of these scams are perpetrated with random dialing programs. But sometimes the SMiShers will use stolen customer phone numbers from a bank or other financial institution, and it might look like the sender is in your area code.

Here are some steps to take to protect against SMiShing [source: FBI]:


  • If a text message looks even remotely suspicious, delete it right away without reading it.
  • Never reply to or follow the instructions of a text that asks you for personal information. A legitimate business will never ask you to reveal your account number, user name, password or full Social Security number over the phone or online.
  • If you're not sure the message really is from your phone's service provider, for instance, type the company's URL in your browser instead of clicking on the link or attachment. Call the customer service number listed on its Web site instead of using the number provided in the text.
  • Use a credit card if you're shopping online on your smartphone. You can always dispute charges if your phone becomes infected and someone makes unauthorized charges to your card.
  • Bottom line, use common sense: If something seems shady, it probably is.

SMiShing is getting more and more dangerous with the increased popularity of mobile banking. People use their phones for everything these days, and if you bank or conduct financial transactions on your cellphone or smartphone, you've got a lot of sensitive information at risk if it's exposed to malware or spyware.

Until security measures for mobile devices are improved, take our advice: Stay away from suspicious-looking texts, and hopefully the SMiShers will stay away from you.


Lots More Information

Related Articles

  • Bland, Eric. "Malicious Software Turns Your Phone Against You." Discovery News. March 9, 2010. (Oct. 7, 2011) http://news.discovery.com/tech/cell-phone-malware.html
  • Blau, John. "McAfee Warns of SMiShing Attacks." PC World. Aug. 28, 2006. (Oct. 3, 2011) http://www.pcworld.com/article/126932/mcafee_warns_of_smishing_attacks.html
  • Consumer Reports. "'Smishing.'" November 2010. (Oct. 3, 2011) http://www.consumerreports.org/cro/shopping/2010/november/sneakiest-new-shopping-scams/smishing/index.htm
  • Federal Bureau of Investigation. "Smishing and Vishing." Nov. 24, 2010. (Oct. 3, 2011) http://www.fbi.gov/news/stories/2010/november/cyber_112410/cyber_112410
  • Liebowitz, Matt. "Smishing: scary new malware scam." MSNBC. Jan. 17, 2011. (Oct. 3, 2011) http://www.msnbc.msn.com/id/41121201/ns/technology_and_science-security/t/smishing-scary-new-malware-scam/
  • Mills, Elinor. "'SMiShing' fishes for personal data over cell phone." CNet. Feb. 24, 2009. (Oct. 3, 2011)http://news.cnet.com/8301-1009_3-10171241-83.html
  • T-Mobile. "SMiShing." (Oct. 3, 2011) http://www.t-mobile.com/Company/PrivacyResources.aspx?tp=Abt_Tab_PhishingSMishing&tsp=Abt_Sub_IdentityTheft_SMiShing