Smishing – The fraudulent practice of sending text messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords or credit card numbers. Smishing gets it’s name from combining the words “SMS” and “Phishing”.
Many times, a smishing attack will be portrayed as a bank or other source of personal information prompting you to follow a link using the same sense of urgency that other phishing methods use. An example would be a text message appearing to be from Wells Fargo reading, “Follow this link to confirm your $128 purchase.” Other times they may provide a fake incentive like, “Congratulations! You’ve won a 4 day cruise! Click here to claim your prize.”
Smishing can also be used as a follow-up to email impersonation. In some instances, the attack will start as someone impersonating a trusted source via email, asking for your cell phone number. They will then proceed via text message which is outside the protection of email security. Learn more about email impersonation here.
To avoid falling victim to smishing attacks, always confirm the message’s legitimacy with the source that it claims to be from. If it shows to be from your bank, call your bank using a number from something reliable like a billing statement. It’s also important to remember that you can’t win a contest that you did not enter.