Smishing - what it is, common signs, and how to stay safe over SMS

Smishing

What it is

Smishing is phishing over SMS. You get a text that looks urgent or official and it tries to make you tap a link or reply with info. The goal is the same as classic phishing: steal passwords, card numbers, or one-time codes. Basics and examples: https://gridinsoft.com/smishing

Why it matters

Texts feel personal and people react fast. One tap can send you to a fake login, install a shady app, or hand over your 2FA code.

How it works 

  • Hook: “Your package is held,” “Bank alert,” “Tax refund,” “Account locked.”

  • Bait: a short link to a fake site or a request to text back details.

  • Push: pressure to act now - or you’ll get fees, fines, or missed deliveries.

  • Take: credentials, card data, or a malicious app install.

Red flags

  • Unknown numbers or “local-looking” numbers you don’t recognize.

  • Short links you can’t preview, or links that don’t match the brand’s site.

  • Requests for one-time codes, full card numbers, or banking details.

  • Threats, countdowns, or prizes you didn’t expect.

Do it right

  • Don’t tap links from unexpected texts. Go to the official app or website yourself.

  • Never share one-time codes in a reply - not with anyone.

  • Block and report the number; delete the message.

  • Turn on MFA and use a password manager so stolen passwords are less useful.

  • On Android/iOS, keep the OS and apps updated; remove any app you didn’t mean to install.

    Glossary (A–Z)

    All A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

      • Related Articles

      • Mobile Malware

        What it is Mobile malware is malicious software that targets phones and tablets. It can steal messages and passwords, spy through permissions, hijack your browser, or lock files for ransom. Infections usually arrive through shady apps, smishing ...

      • Phishing

        What it is Phishing is a scam where someone pretends to be a trusted person or service to trick you into giving up passwords, card numbers, or other sensitive data. It shows up in email, texts, social DMs, and look-alike websites. For a quick ...

      • Mobile Code

        What it is Mobile code is code that arrives with a page, message, or app and runs automatically on your device. Think scripts, macros, plug-ins, and mini apps that add features like forms, animations, or in-app widgets. When misused, the same ...

      • Data Execution Prevention

        What it is Data Execution Prevention (DEP) is a Windows safety net that stops code from running in places it shouldn’t—like the stack or heap. If malware tries to execute from those memory areas, Windows blocks it and shuts the app down instead of ...

      • Data Breach Prevention

        Why it matters Breaches drain money, trust, and time. Strong basics turn scary “what ifs” into non-events: a phish gets ignored, a stolen password is useless, a lost laptop holds only encrypted gibberish. The short, smart checklist MFA everywhere: ...