Smishing is a phishing technique where an attacker tries to get personal information out of the victim through SMS. Usually, they contain a link that imitates a service that the victim makes use of, such as a bank, a postal or Government service. Like any other phishing technique, smishing tends to put the victim in a sense of urgency by the attacker claims that pending charges need to be settled by a defined period of time.
How to Spot and what to do if you were a victim of a Smishing attack:
- Verify Sender by analysing country code to check from where the SMS was sent.
- Verify that the URL is legitimate.
- Verify that the phone number is legitimate and corresponds to the official phone number used by the respective organisation.
If you are in doubt, double check and take your time. Do not reply to any text messages that ask you about your personal information such as username and passwords. It is important that these messages are reported to the organisation being impersonated.
This Cybersecurity Awareness Campaign is co-funded by the European Union. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or the European Cybersecurity Competence Centre. Neither the European Union nor the European Cybersecurity Competence Centre can be held responsible for them.