image of scammer typing on cell phone

What Is SMS Phishing?

It’s when cybercriminals send Short Message Service (SMS) text messages that are designed to steal personal or financial information from you, whether by pretending to be a reputable site, or getting you to download malware onto your phone. They could also try to trick you into giving them the login to your Apple account, if you’ve got one, which would then provide them with your personal data.

Types of SMS phishing scams:
  • Fraudsters can try to pull SMShing scams in various ways. Some examples are as below.
  • Competitions. You may receive a text message inviting you to join a competition. What seems like an SMS from a reputable company may really be from a cybercriminal – you’ll usually be asked to enter personal information in order to join the contest or collect your prize. The information is then collected by the fraudsters.
  • Verifying credit card transactions. Cyber criminals can pretend to be credit card providers in order to send fake text messages. These SMS messages may ask you to confirm a recent transaction. Your reply will help them to confirm your phone number, which they can then use to call you in order to try to scam you.
  • Expensive texts. Whatever their disguise for getting you to text them back, SMS fraudsters could also be charging you a hefty SMS rate for your reply. You could also be automatically signed up for ongoing charges.

Protecting Yourself Against SMS Phishing

Here are some ways to minimise your chances of becoming a victim of SMShing:

  • Don’t reply to SMS messages from numbers that you don’t recognize. If in doubt, get in touch with your mobile phone provider to check if certain numbers charge premium rates.
  • Don’t share your login, personal or financial details over SMS. Your bank, utility provider or any other genuine company will never ask for sensitive information via text message.
  • Watch where you input two-factor authentication codes. When you’re signing in to a secured website, it may send a code to your phone via SMS, which you have to enter on the site in addition to your login details. Fraudsters could send you fake SMS messages asking for this code.