What are smishing attacks & how to avoid them?

Whenever you use an internet-connected device, you run the risk of being hacked, spammed, phished, or falling for some other nefarious ploy. But have you ever heard of smishing attacks?

Table of Content

Smishing is SMS phishing and involves sending a message that links to malware or a page designed to coax personal information from you. You may have already encountered something like this before.

No one wants to get smished, so let’s discuss smishing attacks and how you can avoid them.

What does a smishing attempt look like?

Most smishing attacks look fairly similar. First, you’ll receive an SMS that contains a compelling proposition and a malicious link. Perhaps you’ve won a prize you must immediately claim. Or maybe you’ve got a package waiting at the post office.

You could even have a legal issue you need to address. Whatever the premise, smishers craft their messages to grab your attention and compel you to tap that sketchy link.

Next, assuming you fell for the ruse, opening the link will usually do one of two things. If you’re using an iOS device, you may end up on a website that’s requesting sensitive information, such as credit card details or login credentials.

If you provide that information, congratulations, you’ve fallen into the smisher’s trap.

You may encounter the same attack on an Android device, but you could also end up installing malware. While Apple makes iOS difficult for malicious software to penetrate, the Android OS is a little more vulnerable.

Once your phone contracts malware, the perpetrators of the operation could potentially monitor your device, extract private information, or perform some other dastardly deed.

If you do fall victim to a smishing attack, you should immediately change any compromised account details and cancel all relevant credit cards.

Additionally, you should take steps to remove any malware from your Android device if you suspect an infection.

How to avoid a smishing attack

Prevention is always better than the cure, and the simplest way to avoid getting smished is to never open SMS links from people who aren’t in your contacts list.

Even if the message appears to be from your bank or the post office, you should always confirm the details of the text through alternate means.

For example, contacting your bank using an official number is a safe and effective confirmation method.

You should also consider utilizing your phone’s spam filter. Android and iOS both have filtering tools that you can use to catch messages that aim to smish you.

Enable the message spam filter in Android

Here’s how you can enable your Android SMS spam filter:

Launch the Messages app and tap the More (three dots) menu
Select Settings
Tap Spam protection
Switch on Enable spam protection
When you receive an SMS from an unknown number, you’ll also see a Report spam option when you open the message.

It’s always a good idea to report the number as spam. Reporting sketchy senders helps Google improve its spam detection tools which helps everyone (hopefully).

Enable the message spam filter in iOS

While iOS doesn’t offer automatic spam detection, you can opt to filter out unknown senders. The setting won’t block messages but will place them in a separate tab.

Here’s how to filter messages from unknown numbers in iOS:

Go to Settings > Messages
Switch on Filter Unknown Senders

In iOS, you can also report suspicious texts as junk or spam. To do so, you can open the relevant message and tap Report Junk.

Use common sense to avoid smishing attacks

Like phishing, smishing relies on the carelessness of its victims to succeed. But hopefully, you now feel more equipped to recognize and stop attacks.

While extra security software can help detect malicious links and malware, the simplest anti-smishing solution is to discipline your tapping finger and avoid opening anything that appears even remotely suspicious.

Scammers prefer soft targets. Therefore, you should harden your resolve and make yourself as difficult to smish as possible.