Smishing is when fraudsters use text messaging to impersonate a trusted organisation and steal your identifying information, such as your National Insurance number, account usernames and passwords, bank account information or credit card numbers.
Smishing texts often also include malicious links the victim is encouraged to open. When the victim clicks the link, malware may be downloaded to their device or they may be directed to a login or billing screen. The scammer can then capture the victim’s login credentials, financial information or personal data, which can ultimately be used for identity theft.
Smishing attacks are used with a variety of scams, but the ultimate goal remains the same: to steal your information. Like other types of phishing, these scams rely on creating excitement, urgency or fear to get victims to act quickly. They might promise prizes or warn of financial or legal trouble to coerce you to act, or they might attempt to confuse you by sending fake invoices for products you never ordered.
The most common type of smishing in 2021 was delivery scams, where the fraudster would impersonate Amazon, USPS or FedEx and lure victims with a seemingly legitimate link to track a package. COVID-19 scams, in which fraudsters offer tests in exchange for personal information, were the second most common smishing attack.