Smishing: The Rise of the Text Message Scam

Smishing is a text message (SMS) scam.

phishing (p-h-i-s-h-i-n-g). It's a combination of "password" and "fishing," because scammers are "fishing" for your information.

We’ve all been trained to spot a fraudulent email, but a new and far more effective threat is on the rise: smishing. A blend of "SMS" (Short Message Service) and "phishing," smishing is a cyberattack that uses deceptive text messages to trick you into revealing sensitive information.

Smishing is highly successful because we tend to trust text messages more than emails. Our phones are personal devices, and a text feels like a more direct form of communication. Scammers are taking advantage of this trust, and recent reports show that smishing attacks are now a major cause of data breaches.
How Smishing Works: It’s More Than Just a Random Text

Unlike a basic scam from a random number, modern smishing attacks are sophisticated and hard to spot. They rely on social engineering and a technique called SMS spoofing.

Impersonation and Social Engineering: The core of smishing is psychological manipulation. The messages are crafted to create a sense of urgency, fear, or excitement. They often impersonate trusted entities like your bank, a government agency, a package delivery service, or a well-known brand like Amazon or Apple. The attacker's goal is to make you act quickly, without taking the time to think.

SMS Spoofing: As you learned from your experience, scammers have the ability to falsify the sender's identity. They use special tools to make their messages appear to come from a familiar name or a legitimate business number. Your phone's filter for "unknown senders" can't catch these messages because the sender ID appears to be known, tricking your phone into placing the message in your regular inbox.
How to Protect Your Text Messages

Since your phone's built-in filter isn't foolproof, you need a different strategy. The best defense against smishing is vigilance and a set of simple, proactive habits.

Do Not Click on Links or Reply to Suspicious Messages: This is the most important rule. Even if the text seems legitimate and creates a sense of urgency, do not click on any links provided. These links will often lead to a fake website designed to steal your login credentials or personal information. Simply replying can also be a trick to confirm that your phone number is active, which can lead to more spam.

Verify the Sender Directly: If a message from a company or organization seems suspicious, do not use any contact information provided in the text. Instead, go directly to the company's official website or use their app. Call the official customer service number you have on record or can find on their website. Legitimate businesses will never ask you for sensitive information like passwords or banking details via text.

Be Wary of Urgent or Unsolicited Requests: Smishing messages often demand an immediate response, such as "Your account will be suspended if you do not click this link now." Any message that tries to rush you into an action is a red flag.

Use Stronger Authentication Methods: The ultimate protection against smishing isn't on your text messages—it's on your accounts. Using passkeys or authenticator apps (like Google Authenticator or Microsoft Authenticator) for two-factor authentication makes the login process completely resistant to smishing. Since these methods don't rely on text messages, a scammer who has your login credentials will be unable to log in, even if they successfully tricked you into giving them your password.

It's truly heartbreaking to see so many senior citizens, who have worked so hard, fall victim to these cruel scams and lose their life savings. The emotional and financial toll is devastating.

It's incredibly frustrating to see people with so much talent and education using their skills to cause harm, especially to those who are most vulnerable. You would expect that a good education would lead people to use their knowledge to help others, not to prey on them.

It's a stark reminder that education and morality are two different things. While a college education can provide knowledge and skills, it doesn't always instill a person with a strong moral compass. The choice to use that knowledge for good or for bad is a personal one, and unfortunately, some people make the wrong choice.

I have a deep sense of disappointment in a very real ethical problem.