Smishing is just as dangerous as phishing emails, so you need to be on high alert against them. To limit the chances of me falling victim, I keep note of some surefire signs that they aren’t legitimate.
What Is Smishing?
Smishing is when someone sends you a phishing scam via SMS. Many of themost common phishingattacksare also attempted via smishing. For example, I receive countless scam messages from people pretending to be a postal service.
Smishingdiffers from vishingbecause it’s entirely text-based rather than via voice calls or messages.The “Hi Mom!” scamis another example of a smishing attempt.
How I Spot Smishing Texts
Smishing texts annoy me even more than phishing; unlike phishing, these kinds of text don’t end up in a spam folder. As a result, I’ve put in significant effort to identify and avoid letting these scammers get their way.
Here are some of the easiest ways to spot a smishing text.
Phone Numbers Without an Organization Name
Remember earlier when I said that I receive lots ofpostal service scam messages? The good news is that these are often very easy to recognize. Start by checking if a phone number or organization name is there.
If you see a phone number, you can almost guarantee someone is trying to scam you. Official services will typically include their name. Smishing texts, on the other hand, typically do not.
However, you may sometimes see smishing texts with an organization name. So, you shouldn’t click on any links until you’ve verified further.
Shortened Links
Shortlinks are when a URL has been shortened and primarily used so that the link consumes less space. Unfortunately, some criminals have taken advantage of its usefulness to try to disguise malicious links. Other times, it’ll be something completely unrelated.
You might still see a shortened link when an official organization sends you an SMS message. However, the link will normally have something that can be traced back to the company (for example, you may see some letters from the company name). This isn’t always the case for smishing emails.
You must still be careful here, as scams are becoming more sophisticated. Nonetheless, short links and no official name are two pretty certain red flags. Besides smishing, you’ll also see short links used inscams on X (Twitter)and other social media platforms.
How Long After Performing an Action That I Receive the Message
I often receivefake shipping textsafter I’ve bought something, but people also try scamming me when I purchase a software subscription. Interestingly, the timescales differ for both.
When I’ve bought an item, I often receive smishing texts around the same time that I get an order dispatch confirmation. Since many postage companies have mobile apps, I recommend downloading the one related to your local service; you can monitor your order there more safely.
Incorrect Grammar and Spelling
Poor spelling and grammar are some of the easiestways to spot phishing scams via email, and many smishing texts also have this. I’ve noticed it in English, but I now live abroad and speak the local language better, I can identify grammatical errors in scam texts that happen here as well.
Common issues to look out for include double spacing between words and spaces between words and paragraphs. Poor spelling and illogical sentence structures are also clear indications that someone might be trying to scam you.
With the rise of generative AI, you’ll have to be more vigilant with smishing. But for now, at least, you can easily spot smishing texts by critically assessing their grammar.
Being Overly Polite
Maybe it’s their guilty conscience kicking in, but scammers often try to flatter you by being overly polite. Smishing is no different in this respect; if someone’s being overly nice, and you don’t know them, the alarm bells should start ringing in your head.
I’ve noticed that many phishing scams include terms like “Sir,” and they might also ask how you’re doing. These seem like nice gestures, but they’re a form of manipulation, and you should be very cautious.
Most people type more shortly via text; a friend might ask how you are, but an organization almost certainly won’t. Keeping this in mind is one of many effective ways toprevent becoming the next smishing scam victim.
Being Able to Respond
I have an iPhone, and one feature that automatically made smishing texts more obvious was that you can’t always respond to official messages. You’ll often see the text conversation but without a text box. Sometimes, the sender might also include something that says “This message can’t be responded to.”
Since Apple introduced this feature, I can’t think of a single company that has contacted me where I can respond. So, if I see that I can reply to something that’s supposed to be an official text, the thread now gets deleted without any second thoughts.
Before deleting the conversation, I recommend blocking the number. Sadly, there isn’t an iOS “Scam Likely” featurelike there is for vishing—but hopefully, we see this sooner rather than later. Android devices already have a similar feature for text messages.
Trying to Start a Conversation
I’ve received smishing attempts where a criminal has tried starting a conversation with me. I’m now smarter and will not reply to texts or calls that aren’t from people I know, but I have taken the initial bait in the past. Soon enough, though, I realized the other person didn’t have good intentions.
Some conversations can be weirdly specific, such as knowing the country you live in. The easiest thing to do here is to not reply to anyone you don’t know. Someone might try contacting you repeatedly; if they do, block the number.
Smishing texts are sometimes very convincing, but with some due diligence, you can often oust them before any damage is done. Always question the legitimacy of texts you receive, and to be honest, you should also ensure that you trust any friend or family member who’s asking for money. Adopting a zero-trust policy will save you from a lot of pain.
