What is smishing?
Phishing does not always happen by e-mail. When it occurs as a text message on your smartphone, it is called smishing. We dive deeper into what it is, how you recognise it and what you can do about it.
Smishing is a contraction of SMS and phishing. Don't let the name mislead you: phishing attempts via WhatsApp, Signal or other services also fall under this term. Like vishing, smishing texts often involve a lot of social engineering.
How does it work?
There are usually two very different smishing tactics. The first is a traditional text message stating that a parcel is on its way, with an attached link to track its delivery. If you log in, hackers suddenly have access to a lot of your personal and account information. ‘Government messages’ sometimes make use of this technique as well.
A second smishing tactic uses internet-based services such as WhatsApp, Signal or Telegram. Someone will send you a message, for example in the name of your son or daughter, asking you to transfer them some money. They have just acquired a new phone number and because of a minor emergency, they need some money. Just a small amount - can't hurt, right?
How do you recognise it?
There is no anti-smishing technology available, so it’s up to you to keep your eyes peeled. Smishing is best recognised by looking at the sender's phone number. A government agency, bank or parcel delivery company will never use a normal phone number. Furthermore, you will usually notice similarities with phishing or vishing: they will try to put you under pressure with a deadline.
How do you protect yourself?
Never log in to a link in a smishing SMS sent to you by an unknown person. If it concerns a service, manually go to the correct login page of the service you want to reach, or use the official app.
If you get a request for payment from an acquaintance or family member with a new number, try to call them before paying: a hacker will always try to pass you off with an excuse like 'my microphone is broken'.