Shark fins emerging from a smartphone's display.

You’re probably familiar with email-based phishing, where a scammer emails you and tries to extract sensitive information like your credit card details or social security number. “Smishing” is SMS-based phishing—scam text messages designed to trick you.

What Is Smishing?

By now, almost everyone has encountered phishing scams that arrive via spam emails. For example, someone might claim to be from your bank and request you provide account information, social security numbers, or credit card details.

Smishing is just the SMS version of phishing scams. Instead of a scammy email, you get a scammy text message on your smartphone. “SMS” stands for “short message service” and is the technical term for the text messages you receive on your phone.

The new text message package delivery scam is a perfect example of smishing. People are receiving text messages claiming to be from FedEx with a tracking code and a link to “set delivery preferences.”

If you tap that link on your phone (and you shouldn’t), you’ll end up on a fake Amazon site (a phishing site) with a fraudulent “free reward.” The site will request your credit card information for “shipping fees.” If you provide payment details, you’ll be billed $98.95 every month.

Lowell Spam Text on iPhone

That’s just one example. An SMS phishing scheme could pretend to be from your bank and ask you to enter your social security number. Or, it could pretend to be from another legitimate organization and ask you to sideload potentially dangerous software on your phone. The possibilities are endless.

RELATED: PSA: Watch Out for This New Text Message Package Delivery Scam

Spam: Not Just For Email Anymore

Most people have caught on to spam emails by now, and email clients have excellent spam filters that catch a lot of junk emails before you see them. So it’s no surprise scammers have turned to other mediums.

You’ll encounter various types of scam phone calls like the Wangiri or “one ring” phone scam on both landline phones and cell phones. Phishing attacks are taking place on Facebook and other social media services, too.

SMS phishing is still something many people have never encountered. Scammers are counting on people being less skeptical than they would of an email and not looking too closely. We wouldn’t be surprised to see smishing become more and more common as scammers search for more people to trick.

RELATED: Beware These 7 Facebook Scams

How to Protect Yourself From Smishing Scams

A woman seated at a table looking at a smartphone and drinking coffee.

You should be on guard for scammy text messages, just as you should watch out for malicious emails. All the standard tips for dealing with phishing emails apply to smishing, too:

  • Look at the source of the text message. For example, if Amazon always texts you a delivery alert from a specific number and a new message arrives in that conversation, that suggests it’s real. However, scammers can fake (spoof) the number a text message is from, just as they can fake caller ID on a phone.
  • Be alert for anything suspicious. If you receive a delivery alert from a new number—especially if you weren’t expecting a delivery—that alert is potentially suspect. We recommend you avoid opening the links in any potentially dangerous text messages.
  • Avoid entering information after tapping a link in a text message. For example, if you get a “fraud alert” that says it’s from your bank, don’t tap the link in the message and sign in. Instead, go to your bank’s website directly or call your bank on the phone and ask if the alert message was legitimate. Check the link carefully for typosquatting or other tricks.
  • Don’t send sensitive information in response to strange texts. Whether someone texting you claims to be a legitimate business or sends a message like “Hey, this is your wife, I just got a new phone—what’s your social security number again?”, it’s a good idea to contact that business or person directly to ensure you aren’t talking to an impersonator trying to trick you.
  • Watch out for things that are “too good to be true,” like “free” rewards that need your credit card number for some reason.
  • Don’t download and install any software sent you to via a text message or email.

RELATED: What is Typosquatting and How Do Scammers Use it?

How to Block SMS Spam

Both iPhones and Android phones let you automatically block spammy text messages. Just like with blocking spam phone calls, you’ll install an application that contains a blacklist of suspected spammers. When you receive a message from one of these suspected bad numbers, it will be automatically filtered out.

If you’re getting a lot of spam text messages, we highly recommend taking action and proactively blocking them with such an app. If you’re just getting a few spam messages, you can always manually block the number sending them on iPhone or Android. Just be careful and think before you divulge any sensitive information.

RELATED: How to Block Text Messages from a Certain Number on an iPhone

Profile Photo for Chris Hoffman Chris Hoffman
Chris Hoffman is Editor-in-Chief of How-To Geek. He's written about technology for over a decade and was a PCWorld columnist for two years. Chris has written for The New York Times and Reader's Digest, been interviewed as a technology expert on TV stations like Miami's NBC 6, and had his work covered by news outlets like the BBC. Since 2011, Chris has written over 2,000 articles that have been read more than one billion times---and that's just here at How-To Geek.
Read Full Bio »