Published on Oct. 7, 2024

Smishing, a combination of the words “SMS” and “phishing,” is a type of cyber-attack that targets individuals through SMS or other forms of text messages.

Smishing attacks are similar to email-based phishing attacks in which scammers lure victims into sharing personal information via text message by clicking malicious links or downloading harmful files and software. They typically disguise themselves as trusted sources — such as university leaders — and use social engineering tactics to manipulate the victim into taking undesired actions.

Red flags to look out for in smishing text messages include:

• Requests to purchase or deliver an online gift card
• Threats of prosecution if the user does not call a number or click a link
• Informal language being employed in serious matters
• Links that look different from the official bank/company/service address (If you’re unsure what the correct link is, a simple Google search can reveal that)
• Promises of money or benefits that are too good to be true
• Messages from unexpected senders (example: a tracking message for a FedEx package you didn’t order)
• Vague wording that doesn’t fully explain the reason for contacting you
• Banks asking for card numbers, ATM pins or banking information (financial institutions will never ask you this information)

Visit the InfoSec webpage to learn more about smishing attempts, including tips to help prevent these attacks.

Related article:

Don’t be tricked! Keep your inbox secure