Skip to main content

What is smishing and how to protect yourself against it

minute read

    You're scrolling through your phone as usual when a text message randomly interrupts you. It's from a number you don't recognize. When you open the message, it appears that a company or an individual you're not familiar with is asking you to do something, or maybe telling you something too good to be true. If that's the case, trust your instincts —and don't engage with it.

    What has just been described is likely a type of phishing, which is a scam where a bad actor tries to request important, sensitive information about you. If it's in the form of a text message like this, it's considered smishing. In this article, you'll learn about:

    • How smishing works
    • How smishing differs from other forms of identity theft
    • Different types of smishing attacks
    • Protecting yourself against smishing and identity theft

    How does smishing work?

    Smishing is a combination of short message service (SMS) and phishing, which is the umbrella term for different types of online scamming. Otherwise known as texting, SMS is one one way phishing can occur. There are other mediums (such as email) that will be addressed later.

    These messages may come from a supposedly well-known company. For example, you may get a message from a nonprofit organization prompting you to donate to a cause you care about. You click on the link within the message and provide your bank account information so you can make a donation, only to realize after the fact that it's a fake prompt. The money you donated is lost, in addition to any funds stolen after giving over your bank account information.

    How does smishing differ from other forms of identity theft?

    There are several other forms of phishing that can occur in different mediums. Smishing occurs over text message, while other forms of identity theft take place over video, email or phone. These include:

    • Email phishing
    • Spear phishing (targeted email phishing)
    • Vishing (phone calls)
    • Angler phishing (via social media)

    Different types of smishing attacks

    Smishing can come in different variations. Generally, the intent is to steal sensitive information, like your Social Security number (SSN), bank account information and more. These include but are not limited to:

    • Delivery notifications (such as those that indicate you have a package but use a link to spam you)
    • Fake messages from a bank or credit card issuer about an issue with your account, which are designed for you to provide sensitive information such as account numbers
    • Recipient of an award/prize (such as winning a raffle or contest)
    • Password or account changes such as for a streaming service
    • Messages from what appears to be a person (using images/questions)

    How to protect yourself against smishing and other forms identity theft

    Anyone can fall victim to identity theft. The consequences are lasting— from stolen funds to tarnished credit and more. That's why it's essential to stay proactive when protecting your information. Here are some ways you can help yourself stay protected:

    • Notice signs of a scam—Look out for links/attachments/other prompts, even if it's from a reputable-sounding source (such as an online payment company). Check for strangely worded phrases, inaccuracies or gaps in information.
    • Block and report the scam—You may have the option to delete and report the message as spam/junk. You can also forward the smishing to SPAM (7726) which helps notify your wireless provider of the attempt.
    • Protect your information—Use a password manager to keep your passwords secured, whether that's on your phone, laptop or other device.
    • Sign up for Chase Credit Journey®—This free online tool allows you to enroll in identity monitoring alerts, which can alert you when your information is part of a data breach, located on the dark web or if your identity is being verified by a lender. Credit Journey® also includes credit monitoring, which can alert you to increased balances on your accounts, new account activity and positive or negative activity on your credit report. Best of all, it's free for everyone, not just Chase customers.

    Bottom line

    We use our phones everyday and can get inundated with notifications. Whether it's a text message, email or other written communication, be aware of any suspicious language that could indicate a scam. Taking appropriate steps and remembering to stay vigilant can help protect your information from being stolen and used against you.

    What to read next