Whatever it is, it’s on the rise, and you need to watch for it.
Smishing is nothing more than phishing using SMS text messages.
I’ll review some of the examples I’ve received and go over exactly what you should and should not do when you receive one of these messages.
Smishing: text messaging spam
Spammers are now using SMS text messages to attempt to lure you into compromising yourself. It’s important you understand this possibility exists and that you ignore or block text messages from numbers you don’t recognize.
It’s on the rise
Honestly, I’m surprised there hasn’t been more of it sooner.
Phishing via email has become commonplace. We expect it. We learn to recognize it. Hopefully, we don’t fall for it.
Text messaging spam, on the other hand, is rather new, at least in the quantities we’re seeing today. Not everyone has seen it. That means many don’t know what to do when they get it.
It all feels very innocuous until you fall for it — just like email phishing.
What to not do
The single most important thing to take away from this discussion is this: ignore text messages from people you don’t know.
This can be surprisingly difficult because of how smishing is constructed. Here’s one example.
It looks like a misdirected text. It’s crafted to make you think that someone is simply texting the wrong number. It plays on your kindness, since many people would respond to this saying, “You have the wrong number.”
That’s not what’s happening at all. If you reply, the person at the other end will politely apologize and then attempt to engage you in further conversation. Eventually, after having built up some rapport, they will encourage you to visit a link.
A link that further misleads you and compromises your security — just like phishing.
Sometimes they don’t even try to be creative.
The intent is the same: to get you to respond, engage in conversation, and eventually do something that is not secure.
Do this instead
You’ll note that both of my examples above have a ‘stop’ indicator prior to the message. That’s because I marked these as spam in my telephone’s messaging app.
Exactly how you do this varies depending on your phone and the SMS text messaging app you use. Most will have either a long press menu or a three dots “…” menu that includes a Report Spam option.
In my case, reporting spam also blocks that number. That means any further attempts to contact me via SMS from that number will not be delivered. I recommend letting that happen, especially when you realize the phone number is not one you recognize.
Finally, some carriers also include automatic spam detection, which I recommend enabling. Many of the text messages I had previously been getting alerts for are now automatically and silently shuffled into that spam folder without me having to notice or do a thing.
Do this
Learn to recognize smishing. In particular, don’t respond to text messages from unknown senders. If you have the option, mark smishing attempts as spam in your SMS text messaging app and block those numbers from attempting to contact you again.
But above all, don’t click links or do things that sound suspicious if you are engaging in a conversation with someone you’ve never met.
Honestly, just like any other phishing attempt — or spam too, for that matter — you really can’t go wrong with pressing “DELETE.” Period, end of sentence (and smishing attempt).
True, that is sufficient, but blocking the spammer is an extra layer of protection, and depending on the wireless provider, it might get that person put on a scammer list and protect others.
Smishing is rampant here in India
Many people received messages that their electricity bill is unpaid and their electricity connection will be disconnected.
And they give a link to further contact the customer support regarding this issue.
A different question: with email, I can hover to see the sender and then it’s easier to ignore or click spam. With SMS, I often get a phone number that I don’t recognize, but we all know people whose number we don’t know. Is it ok to open the SMS text and then delete and/or mark it spam once I can see the message is likely spam?
As long as you don’t click on any links, you should be safe.
Look, but don’t tap/click.
I cannot thank Leo and his Team enough for all the good advice they have given through the years. Your knowledge and expertise has saved many of us from harm in numerous ways. Thank you for caring.
Thanks, it’s what I’d hoped.
Thank you so much for the information about smishing. I get these texts all the time and just delete them. I tried to find where I could put the text into spam, but my phone doesn’t have that choice for text, so I just “delete message”. I would hope that would take me off their list. Does it?
Nope.
The logic behind that is if deleting the rogue message blocked the sender, you would block all senders of all the emails you delete.
Most operators in the UK are signed up to a scheme whereby you can forward scam texts to ‘7726’. Info is collected by the National Cyber Security Centre, helping to stop the scammers.
Does “Return-Path” (First line in Thunderbird email header) provide enough information to truly identify the actual sender?
No.
What Can People Tell from My IP Address?
a) it does not — it can easily be faked
b) that’s email, this article is about text-messaging.
This is such timely information. Several years ago I would get texts from a lady. Not my friend so they would figure it out. One day she said please contact me. It turned out her friend’s number was 1 digit off. That’s why her friend replied sometimes and not others. Would be sketchy to reach out now. YouTube is even getting spammed. It is nice to know reporting a number is an option. I will be finding that option tonight! Thank you for keeping so many of us informed about really important things. Barb
What about how to block spam SMS texts coming from an email address domain? Each text will be from a different sender and various domain suffixes. I use US Cellular and I can’t find any way to block messages from name@domain. example – {email address removed}. I have received numerous texts in the past couple of years which are at least suspicious and most likely phishing or spam. Some of the sender names are worded such that one “could” associate the name as being porn. I want nothing to do with such and have never gone to any such sites. I have not replied to any of these texts either.
The ONLY thing you can do is contact your carrier to see if they have any tools to help. It’s unlikely they do, in which case simply mark them as spam, if you can, block them, if you can, and carry on.