previous icon Back to blog
Trust Center

What Is Smishing and How Can You Protect Yourself Against It?

Even if you’ve never heard of “smishing” you have almost certainly been the target of this type of cyber fraud. Smishing weaponizes SMS messages to scam recipients into disclosing sensitive personal information or to unwittingly infect a mobile device with malware.

For most of us, not a day goes by without one of these fraudulent texts appearing on our phones; some clearly fake, but others much more professional and persuasive. Businesses, health providers, and governments are also harmed by smishing, not just financially but also reputationally because the fraudsters use (that is to say, abuse) reputable brand names to perpetrate their crimes.  

Fraudsters are persistent because smishing works. Europol recently rounded up 59 scammers who were using stolen credit card details to purchase luxury items. Smishing is at the mobile heart of a payment fraud apparatus which in 2021 caused global eCommerce to take a $20 billion hit.

The best way to frustrate the fraudsters is to identify their false messages, and to always be on guard. In this blog we describe how you can do that, and so prevent yourself or your company from being “smished”. 

Phishing, Vishing or Smishing

The term “smishing” is a mash-up of SMS and the more familiar cyber scam of “phishing” where fraudsters use emails to cast their bait of false information. If the mode of attack is a voice message we refer to it as “vishing”.


Whereas phishing is a scam that originated in the PC era, smishing and vishing are responses to the dominance of mobile communications and they are now increasingly prevalent. It is estimated that SMS attacks rose more than threefold during the first wave of Covid lockdowns in 2020, reflecting the opportunism of the fraudsters.

It’s not just individuals who are being targeted. The financial forensic experts Kroll reported that in 2021, 74% of companies were exposed to smishing, compared with 62% in 2020.

The rise in smishing attacks simply reflects the way we live now. We organize and record our lives on our smartphones, so this is where the fraudsters thrive. 

What Are the Most Common Examples of Smishing?

The Covid pandemic had a huge influence on smishing. As the lockdown forced us online for our shopping, we saw a huge increase in “delivery scams” with texts supposedly from UBS or FedEx urging us to click on a link to track our parcel or reschedule a delivery.

Fraudsters were extremely cynical in their exploitation of the Covid tragedy by telling people that they had been exposed to the virus or by claiming that they were entitled to certain Covid relief grants.

The isolation people felt made them more susceptible to “classic” scams such as fake bank or tax rebate messages. In 2020, the UK tax authorities received an astonishing 864,000 referrals of suspicious text messages; more than half a million offered bogus text rebates.

What all these smishing scams have in common is the sense of urgency with which they want us to act – i.e. to take the bait – before we’ve had the time to recognize them as fakes. This is the first telltale sign you should ignore and delete the SMS. But there are other ways to prevent being a victim of a smishing attack, and we shall conclude by looking at those. 

How to Prevent Smishing

There are some commonsense rules we should all observe:

  • If the SMS is unexpected, do not respond

  • Alerts from financial institutions can usually be verified online or by contacting them directly

  • Most smishing texts give the game away by random URLs, or URL addresses with HTTP rather than HTTPS prefixes which tell you the site is unencrypted.

  • Embrace two-factor authentication (2FA) which will thwart the fraudsters even if your account has been breached.

While growing awareness of smishing should over time reduce the menace, fraudsters are always looking to piggyback off the latest technologies to devise new scams.

Companies use SMS as a legitimate and highly effective marketing tool, often using SMS providers as to do that. Because smishing scams are essentially a numbers game, accounts are appealing targets for the fraudsters – they can hide their identity and send messages at scale free of charge. account holders should:

  • Enable 2FA on their account

  • Never share their API-token, or show it on their website(s) to end users, not even in encrypted form.

  • Set limits to monthly credit amounts so in the event of a breach, the damage is limited. is as determined to fight the smishing fraudsters as your telecom provider, your bank, and other targeted bodies, so if you suspect you have been a victim of fraud, contact the relevant organization as quickly as possible.

If you have any questions, feel free to reach out to your account manager or the fraud team.
connects tens of thousands of companies with millions of consumers via their mobile phone each day. Behind the scenes, from our innovative platform, makes sure companies can use these millions of messages, phone calls and payments to become part of people’s lives.
Is this region a better fit for you?
close icon