2019 and beyond will see an increase in attacks separate from emails through “Smishing,” phishing’s increasingly popular, covert relative. Smishing is a variant of phishing conducted via SMS, (SMS + phishing) intended to obtain user and/or organizational data such as financial and personal information. Instant messaging, texting, and productivity apps that are rising in popularity for business – as well as text-based natural disaster aid/fundraising campaigns – have become popular vehicles for these deceptively simple, fraudulent campaigns. A stealthy app can hijack a contact list, log keystrokes, and exponentially perpetuate a malicious virus. Let’s take a look at the basics of smishing.

Users are especially vulnerable given the rising popularity of automated communication.

Smishing attacks maintain similar elements to typical phishing attempts but the dangers aren’t usually recognized due to the difference in how the user is targeted. As savvy as most people have become in detecting phishing emails in recent years, a smishing attempt through workplace collaboration software tools or texting looks like business as usual. Users are especially vulnerable given the rising popularity of automated communication and account management features linked to smartphone messaging and chat. Where phishing emails containing file downloads or suspicious looking links, unsuspecting users typically welcome the seamless simplicity of these customer interaction features within a text or instant message.

Smartphones and laptops often contain the most valuable personal information available.

Scammers who mine databases of phone numbers on the dark web know that smartphones and laptops often contain the most valuable personal information available and relentlessly pursue banking, work and social credentials, location data, contacts, and more. Regardless of physical safeguarding precautions for devices such as biometric login information, your data and that of others, can be unknowingly compromised with a typical response to a text message, such as a short code. However, not all attempts look sophisticated. Cyber-criminals have been known to communicate personally with recipients, triggering unwanted transactions through pesky requests. Other times, the communication is sheerly a prelude to a crime, validating the thieves’ information of a future victim of identity theft.


Play it safe. Never click on a link or reply to a text unless you can confirm its validity. Check the source of two-factor identification notifications, preferably from a separate device. Check the legitimacy of short codes with this directory. Frequently run updates on your devices and don’t delay security upgrades – your system is pinging you to protect your data.

If you suspect your information has been compromised or want to double down on safety, change passwords, investigate the best encrypted text apps and encrypted password managers. Contact a certified identity theft professional to investigate any movement of your data. Finally – while this is list isn’t exhaustive – consider anti-malware to guard against infected apps on any device that contains your personal information.