What is Smishing and how do you prevent it?

2 minutes read

smishing sms

With the rise of mobile banking and the holiday season ahead, Smishing -phishing via SMS- is back in the spotlight. But what is Smishing exactly and - more importantly - how do you prevent it?

What information will be provided via SMS and what not?

First of all, it is virtually impossible that your bank sends you a text message with a link to log in for online and mobile banking. Banks can communicate phone numbers via SMS, for example, to block your credit card if any suspicious transactions take place on your bank account. However, they do not ask you to log in via a link. In any case, it is wise to install an extra layer of security on your online accounts, for example with Two-factor authentication (2FA).

Fraud in the United Kingdom

The British bank Barclays investigated online fraud in the United Kingdom. They concluded that the number of online fraud cases over the coming holidays might reach a new record. The combination of the rise of mobile banking and the shopping madness during the festive season, causes Smishing to become an important factor in online fraud.

The well-known phishing email

Everyone knows phishing e-mails these days, which must tempt you to log in on what appears to be an online portal from a bank. The unsuspecting customer enters his bank's login details on the fraudulent portal, after which the internet fraudsters are in possession of the login name and password and raid the bank account.

Smishing, the unknown sister of phishing

This same construction is also possible via SMS. The sender id for SMS messages can be changed so it looks like the SMS message comes from the bank, but in fact it comes from a person. A link to a fraudulent portal in the message does the same as the link in a phishing message, only via the mobile phone. Smishing also works when fraudsters send a phone number in the message. If the victim calls the number and issues privacy-sensitive information, this can also cost a lot of money.

Account plundered after Smishing

A resident of the island of Guernsey lost over 37,000 euros when he called the number that fraudsters sent in a text message. The victim thought that the text message came from his bank. He called the number, released sensitive information and his bank account was plundered.

The man retrieved all the money but this case shows that Smishing has the same risk of fraud as phishing. Smishing is perhaps even more dangerous because it is a less known fraud method. Nevertheless, since this year there are more searches on Smishing, which may indicate that the phenomenon is becoming more popular among fraudsters.

Some tips to prevent fraud via Smishing:

  1. Make sure your online (banking) environment has an extra layer of security (2FA)
  2. Be careful with links and phone numbers in text messages
  3. Make sure your bank reports unusual transactions
  4. Never communicate your credit card details, username and password
  5. If in doubt, contact your bank immediately

Read more on 2FA!

Enjoyed this article? Please share the news!

Continue reading

Next Mobile trends for 2018: What can we expect?
Previous Identity innovation for the future: will privacy beat service in 2018?
Back To news overview

Related articles

Cloud services easily abused for absent verification
Webinar: Improve your IT security with Tokenless Authentication via SMS
“Too little awareness for securing our mobile devices”
Whitepaper 2FA: Unlocking Security Potential through your mobile phone
Webinar Quality tokenless authentication using SMS

About the author

Charlotte van Raak is content marketer and makes sure our readers always have interesting blogs to read about how to engage with customers. During the day, she answers 1K questions in her role as communications advisor. At night she preferably sleeps.

Connect with Charlotte on