Smishing stands for SMS (Short Messaging Service) Phishing – it’s phishing via text message. Phishing via instant messaging services such as Facebook Messenger or WhatsApp is not technically smishing, but it is very similar.
As in phishing, the criminal’s intent is to get the user to click a link to download malware to the device or give away personal information such as login credentials or credit card details. The message content will be something to entice you to click the link, for example:
A message designed with a sense of urgency and/or a task to complete:
- Royal Mail: Your parcel has been redirected to your local Post Office branch due to an unpaid shipping fee. To reschedule a delivery please visit: [link redacted]
- Tracing Notification: You have been in close proximity with a confirmed case of the latest variant. Please order a free test kit via: [link redacted]
- Your Santander Bank Account has been blocked. All services have been withdrawn. Go to [link redacted] to reactivate now.
And/or promising deals or rewards:
- URGENT: UKGOV has issued a payment of £258 to all residents as part of its promise to battle COVID 19. TAP here to apply [link redacted]
- As part of a nationwide test we are distributing free accounts with access to Netflix + Disney+ content, go to [link redacted]
The messages can be badly spelled or with grammar mistakes – this should be your first red flag. The next thing to check is the number sending the message – can you verify, perhaps via a web search, that the number the message is from is connected to the company or individual they are claiming to be?
If not, the best thing you can do is ignore the message. Responding to the message will only confirm that your number is real and probably send more scammers your way. Sometimes replying can add a charge to your bill as that’s one way the scammers collect money.