
SMS/Text Message Phishing

"Smishing", a text-message based variation of traditional phishing scams, is a growing cyber threat. Learn the warning signs and the steps you can take to protect yourself.

Phishing is one of the most common tactics used in online identity theft and cybercrimes. Using elements of social engineering, phishing is the fraudulent attempt to obtain a user’s sensitive information such as usernames, passwords, and credit card details by disguising oneself as a trustworthy entity in an electronic communication. A popular variation of this tactic, "smishing" or "SMS-phishing", has emerged as a growing cyber threat. SMS-phishing is a text-message based variation of the email-based scams that have been a staple for malicious actors for many years. SMS-phishing uses social engineering to leverage your trust to steal your information but, unlike more traditional email-based scams, SMS-phishing utilizes text and mobile messaging services such as WhatsApp and iMessage to defraud victims. SMS-phishing is an attractive tactic to cybercriminals because victims are often under the misconception that their text messages are somehow more secure than their emails. This is a dangerous misunderstanding and one that fraudsters are all too willing to take advantage of.


How to Recognize an SMS-Phishing Attempt

Like traditional phishing scams, there are ways that you can spot an SMS-phishing attempt.

Successful SMS-phishing scams…

• Fraudulently present themselves as a trusted entity and

• Utilize a sense of urgency or impending consequence

The most effective phishing attempts use psychological triggers to capitalize on natural human responses. It's not uncommon to see SMS-phishing messages claiming there has been suspicious activity on one of your credit cards or asking you to validate an account. The malicious actors are relying on the victim to react quickly out of fear. Any correspondence, whether email or SMS-based, that implores (or even threatens) you to respond immediately should be treated with healthy skepticism. A sense of urgency and impending consequence are just some of the social engineering tools that fraudsters can use to lower your guard and steal your information or identity.

Protecting yourself from SMS-Phishing

Thankfully, SMS-phishing attacks are relatively easy to defend against. You can often keep yourself safe by doing nothing at all. One of the best, and easiest, ways you can protect yourself from SMS-phishing scams is to simply not respond to text messages from people and phone numbers you do not recognize. Here are a few other helpful reminders:

  • Take time to consider your actions before responding to text messages. Ask yourself:
    • Who is the message from?
    • What are they asking me to do?
    • What evidence supports the message?
  • Recognize financial threats, or offers that seem too good to be true, for what they really are.
  • Rethink the information you’re sharing online. With so much information leaked from previous data breaches, hackers are able to piece together compromised information with the information you publicly share.

REMEMBER: The Commonwealth of MA will not call, text, email, or contact you on social media asking for personal or bank account information—even related to the economic impact payments. Be suspicious of email with attachments or text messages with links claiming to have special information about economic impact payments or refunds.
