Smishing is a form of social engineering that exploits SMS, or text, messages

person using mobile device at home

Text messages can contain links to such things as webpages, email addresses or phone numbers that when clicked may automatically open a browser window or email message or dial a number.

This ruse tends to be effective because while most of us have learned to recognize phishing emails, we are still conditioned to trust text messages. Also, there’s no easy way for us to preview links in a text message like we can if we are viewing an email on a PC.

Suspect a smish?

Validate any suspicious texts

If you get a text allegedly from a company or government agency, check your bill for contact information or search the company or agency's official website. Call or email them separately to confirm whether you received a legitimate text. A simple web search can thwart a scammer.

Don't engage

Never click links, reply to text messages or call numbers you don't recognize. Do not respond, even if the message requests that you "text STOP" to end messages.

Delete it

If you don’t know who it’s from and it looks suspicious, simply delete the text.

Update your device

Make sure your smart device OS and security apps are updated to the latest version.

Add extra security

Consider installing anti-malware software on your device for added security.

Spot the signs of vishing

Vishing is a telephone-based form of social engineering where someone calls you directly and pretends to be from a legitimate company or service Once on the line, they ask questions, try to get you to do something, or direct you to a website in order to obtain personal information, such as social security or financial account numbers.

Check the company

Is the phone call from a legitimate company? If you can, look up the phone number or company name to see if it is legitimate. Always be extra cautious if it’s a company you’re not familiar with.

Call them back using a number you have on file

If the caller says they are from a company you know or do business with, hang up and call them from a number you know. For example, if a caller says they are from your bank, call them back with the number on the back of your card.

Watch out for requests for sensitive information

Be suspicious of requests for sensitive information, such as user IDs and passwords, financial account numbers or social security numbers.

Be careful with websites

Be suspicious of requests to visit a website, particularly to fill out a form or download software.

Protect your computer

If you are asked to access anything on your computer, beware! Do not download software, give the caller access to your computer, or modify systems files in any way.

Hang up

When in doubt, hang up the phone and do not accept future calls from the number.