Smishing

A screenshot of a smishing attempt in the form of a fake USPS package notification.

Text message (SMS) Phishing, also known as Smishing, targets you through mobile text messages. These messages often solicit sensitive data such as passwords or personal information by prompting actions like visiting a malicious link, sending money, or taking further action like making a phone call leading to fraudulent activity.

Understanding Smishing

Smishing combines "SMS" (text messaging) with phishing tactics, often involving a cybercriminal posing as a known contact to request sensitive information.

Recognizing Smishing

Smishing messages may mimic communications from banks or postal services to solicit personal or financial information. In university contexts, these messages might appear to come from high-ranking officials like the Chancellor, requesting purchases or personal data.

  • Messages are typically urgent, pressuring the recipient to act quickly.
  • They might contain believable contexts to trick the recipient into bypassing rational judgment.
  • Look out for messages with misspellings, grammatical errors, or unusual requests.
  • Always verify the urgency and source of unexpected messages.
  • Check the sender's phone number against known contacts.
  • Never respond directly to suspicious texts—contact the purported sender through known, official channels.
  • Avoid sharing sensitive information like passwords or PINs via text.
  • Report any suspected smishing to the relevant authorities and change any compromised passwords immediately.

Victim Response & Prevention

If you suspect you've fallen victim to a smishing attack, report it immediately, change relevant passwords, and monitor your accounts for unauthorized activity. Education and awareness are crucial in defending against such attacks, complemented by technological measures like spam blockers and organizational reporting systems.