Smishing is a form of social engineering that exploits SMS, or text messages

Text messages can contain links to things such as webpages, email addresses or phone numbers that when clicked may automatically open a browser window or email message or dial a number.

This ruse tends to be effective because while most of us have learned to recognize phishing emails, we are still conditioned to trust text messages. Also, there’s no easy way for us to preview links in a text message like we can if we are viewing an email on a PC.

hands holding a mobile phone

Suspect a smish?

Validate any suspicious texts
If you get a text allegedly from a company or government agency, check your bill for contact information or search the company or agency's official website. Call or email them separately to confirm whether you received a legitimate text. A simple web search can thwart a scammer.

Don't engage
Never click links, reply to text messages or call numbers you don't recognize. Do not respond, even if the message requests that you "text STOP" to end messages.

Delete it
If you don’t know who it’s from and it looks suspicious, simply delete the text.

Update your device
Make sure your smart device OS and security apps are updated to the latest version.

Add extra security
Consider installing anti-malware software on your device for added security.

Spot the signs of vishing

Vishing is a telephone-based form of social engineering in which someone calls you directly and pretends to be from a legitimate company or service. Once on the line, they ask questions, try to get you to do something, or direct you to a website in order to obtain personal information, such as Social Security or financial account numbers.

Check the company
Is the phone call from a legitimate company? If you can, look up the phone number or company name to see whether it’s legitimate. Always be extra cautious if it’s a company you’re not familiar with.

Call them back using a number you have on file
If the caller says they are from a company you know or do business with, hang up and call them from a number you know. For example, if a caller says they are from your bank, call them back with the number on the back of your card.

Watch out for requests for sensitive information
Be suspicious of requests for sensitive information, such as user IDs and passwords, financial account numbers or Social Security numbers.

Be careful with websites
Be suspicious of requests to visit a website, particularly to fill out a form or download software.

Protect your computer
If you are asked to access anything on your computer, beware! Do not download software, give the caller access to your computer or modify systems files in any way.

Hang up
When in doubt, hang up the phone and do not accept future calls from the number.