Media Blog

Don’t Get Caught by a SMiShing Scam

What’s SMiShing scam?

What’s SMiSh?

People are becoming wiser and more vigilant about checking where emails are coming from, or whether that link in social media should be clicked. Unfortunately, hackers and cyber thieves are getting smarter too. The latest entry into identity and data theft is SMiShing.

SMiShing is a phishing scam using Short Message Service (SMS) text messages. With the proliferation of cell phone use, personal emailing is declining. Criminals are looking for the next open window to access information. Even if you have security on your phone like pin numbers, facial recognition, or scanners, responding to a wayward text could give the scammer an all access pass to the information on your phone.

What does SMiShing look like?

These texts can take on several different forms. They can be looking for several different responses. Have you gotten any messages like this?

“Your Gmail account has been compromised and deactivated for your protection. Text back SENDNOW in order to reactivate your account.”

“We have identified some unusual activity on your online banking. Please log in via http://bit.wi/tAkU4 to secure your account.”

“Final Notification: Your Apple ID is about to expire. Prevent this by confirming your Apple ID at”

“Your Bank Alert: Your CARD starting with 4278 has been deactivated. Contact us immediately at – 206-497-2211”

“CollegeU has a new way to connect with Alumni like you. Please reply YES to confirm, or STOP to cancel. Msgrates may vary.”

These types of texts play on your fears and take advantage of the immediacy of text messaging. At first glance, they might seem genuine. But always be cautious of messages that come uninvited or from places that you aren’t familiar with.

What Can You Do?

There are some precautions that you can take when you get a text from your bank or other numbers that are suspicious or make you concerned for your cyber security.

  • Start by taking your time. SMiShing texts count on the fast response reflex. But don’t rush to answer if you have the slightest inkling there’s something false about the email. Do the research first before responding.
  • Most banks do not text customers. Never click on a link or call a number in the text. Instead, call the customer service number on their website or on your statement. If it’s something genuine, they’ll know and be able to advise you. If it’s a scam, let the bank know you’ve received it and delete the text.
  • Do a search on the web and look up the number and message. You’ll see if there are other posts with this message or scams with the number.
  • If the message is from a legitimate company, call the company directly first. Talk to their customer service team and ask if this is a legitimate text. If they don’t know or they aren’t familiar with it, delete the text.
  • Any link in a text should meet the same criteria as an email link. If it doesn’t say https://, it’s not real.
  • Look for suspicious numbers that don’t look like real mobile phone numbers, like “5000“.These numbers link to email-to-text services, which are sometimes used by scam artists to avoid providing their actual phone numbers.
  • Don’t store your credit card or banking information on your smartphone. If the information isn’t there, thieves can’t steal it even if they do slip malware onto your phone.

Other precautions you can take to make sure your phone is secure is to have  a good antivirus program installed and turn on a Text Alias or “Block texts from the internet” feature if your service provider supports these features. Always remember to turn off Bluetooth, wi-fi, and location services if you don’t need them.

Don’t Get SMiShed – but if you do…

If you think that you are a victim of smishing, you should contact law enforcement to report the scam. You can also file a complaint with the FCC at no cost. 

Scammers and hackers are always trying to find their way into your data. Make sure you don’t give them a way in!