Explainer - What is smishing and how can I avoid it?

Smishing

Smishing – a combination of the words “SMS” and “phishing” – is a scam where fraudsters use mobile phone text messages to trick you into opening a malicious attachment or link.

Typically, the text messages claim to come from a reputable organisation such as your bank, card issuer, a service provider such as your mobile phone company, or even a government department such as Revenue.

They are often difficult to spot and may even appear within a genuine “thread” of text messages you may have received from a legitimate organisation.

Recent smishing attacks

A number of Irish retail banks and their customers have been the target of smishing scams, particularly since the summer of 2020 and the onset of COVID-19.

Often smishing messages will try to alarm you, claiming that you need to take urgent action in order to avoid suffering serious consequences.

For example, you might receive a text message appearing to be from your bank telling you that your bank card, account, or online access has been blocked or frozen due to “unusual activity” or fraudulent transactions.

The text will instruct you to click on a link to unblock or unfreeze your account.

However, if you click the link, you are typically brought to a fake, but in many cases believable website, imitating that of your bank.

You will then typically be asked to login and enter a code received by text to reject the transactions or activity.

In reality, by logging in and entering this code, you are in fact allowing the fraudsters to access your account and process transactions.

How to avoid becoming a victim of smishing

  • Be suspicious of text messages received out of the blue that claim to come from a reputable organisation, such as a bank or credit/debit card issuer.
  • Be cautious of text messages that prompt you to call a phone number or visit a website to resolve an issue or verify your details urgently.
  • Do not respond to text messages that request personal information, such as your bank account details, without first independently verifying that they are from a genuine source.
  • Never reply to text messages that request your PIN, online banking password, or any other password.
  • Be wary about calling any phone number, or clicking on any link, that is embedded within a text message.

If you believe that you have been targeted by a smishing text message, you should contact your bank or service provider immediately.

See also: