Smishing Attacks to Watch for in 2021

Smishing attack showing a fishing hook pulling out a credit card from a cell phone

Smishing is similar to phishing, except that the fake messages come to your cellphone in the form of texts instead of to your email. Keep an eye out for these smishing attacks you might see in 2021.

If you need to ensure your employees’ mobile devices are secure, check out this Product Selection Tool at TechnologyAdvice and get a short, unbiased list of vendors that can help.

1. “Urgent” messages about money!

Many hackers will send text messages posing as your bank or credit card company to get you to click on a link or provide them with sensitive information. They may tell you that your account has been locked and offer a link to rectify it or make up a fraudulent purchase and ask you to verify your identity to remove it.

While banks and credit card companies do occasionally send text to their members, it’s usually for authentication codes, or you might get an alert that there’s been a suspicious purchase on your account. However, these legitimate messages will almost never include links.

2. Fake messages from brands you trust

Because brands want to paint themselves as helpful, more companies are starting to send out notifications for shipping or when there is strange activity on their customers’ accounts. Whether it was a login from a new device or a purchase from a different city, businesses want their customers to feel like their data is safe with them. While this is helpful in many ways, it also makes it easier for smishers to use this tactic to blend in.

Fake survey links are a bit tough because most people don’t actually want to take surveys, so even the legitimate ones are usually unsolicited. One indicator of a real survey is that it was prompted by something you did. Maybe you went to a store or had an interaction with a customer service team. Additionally, more survey tools are now allowing you to put your answer right in the text message rather than having to navigate to a website.

4. “Congrats! You’ve won!”

Sometimes, you’ll get text messages claiming you’ve won something, and you need to click on a link to claim your prize. While this sounds great, it’s easy to see through these scams. For one, if you didn’t enter for anything, you definitely didn’t win it. Second, links are too easy to share. If all someone really had to do to win a prize was click on a link, people would share them, so their friends could get the prize, too.

Smishing attacks, like phishing attacks, are looking for the easiest targets, so they’re fairly easy to spot if you’re wary. Bad grammar and misspelled words are good indicators you’re dealing with a smishing attack. If you’re not sure about a message, you can also do an internet search for the number and the message. If it’s smishing, you probably aren’t the only one who’s gotten the exact same text.

While you can’t stop people from smishing, you can at least ensure that you don’t fall victim to it.


* indicates required