Smishing | Intel 471 Skip to content

Smishing

The fraudulent practice of tricking a user into revealing sensitive personal data or sending money via a text or SMS message.
Homepage slide 1
11 Smishing

Smishing, also known as SMS phishing, is the act of tricking a person into revealing sensitive data or sending money via a text or SMS message.

As the definition of smishing suggests, the term combines "SMS" and " phishing." To further define smishing, it is categorized as a type of social engineering attack that relies on exploiting human trust rather than technical exploits.

SMS marketing has been around for many years. Businesses use this method to send out offers, discounts, promotions, and other types of information via your mobile phone. Text messages are sent to a specific group of people who have given their consent to receive them on their personal devices. Consider smishing to be a dark offshoot that takes advantage of the normalcy around SMS marketing.

If you receive an SMS message that reads like this: "You have been selected for a free gift card," or "You have won a prize," then you should not click on the link in the email. Instead, go to the legitimate website offering the gift and search for the information about the offer. Then, delete the text immediately.

What can businesses do to protect against smishing attacks?

Many mobile platforms don't come with anti-phishing technology baked into their SMS messaging applications. Traditional endpoint defenses that identify and block email phishing are often not built with smishing in mind. As such, businesses must put in place specialized mobile security protections that are purpose-built to protect mobile devices against threat vectors such as smishing. Ideally, the solution should be integrated with the rest of its endpoint management and protection software, with centralized management and automated remediation to ease the burden for the IT or security teams.