What is smishing?

Smishing is a type of phishing to obtain confidential information (passwords, bank details...) from third parties. We will explain to you what it is and provide some basic safety tips.

What is it and what is it for?

Smishing is a type of social engineering attack that is carried out via mobile phone messaging or SMS. The objective is to obtain personal data, passwords, credit card numbers and/or bank account numbers and in general any type of sensitive or confidential information. To achieve their purpose, the attacker will use the identity of people and organisations.

How is it done?

The attackers send messages via instant messaging or by sms in which they announce, for example, that you have won a prize or there is a problem with your banking information. The message includes information for the user to call a certain telephone number to complete the process, where the data required by the attacker will be acquired, or to enter a link to a malicious web page where the user will enter such data.

Security recommendations: how to avoid smishing

Given the high incidence of phishing and the different methods used, it is best to adopt some recommendations and safety habits:

  • Take a guarded approach to any messages or sms asking for sensitive data. In case of doubt, it is advisable to contact the sending company or administration to ensure that it is not a fraudulent activity.
  • Do not click on links to websites that are sent to you via instant messaging or sms. Go directly through the browser or a search engine to the page you want to go to and not through suspicious links.

You might be interested in