Weekly Cyber Tips

Smishing is a portmanteau of “SMS” (short message services, better known as texting) and “phishing.” When cybercriminals conduct “smishing,” they send fraudulent SMS that seek to trick the recipient into opening a malware-laden attachment or clicking on a malicious link.

“Some cell phone users have started receiving SMS messages along these lines: ‘We’re confirming you’ve signed up for our dating service. You will be charged $2/day unless you cancel your order: www.smishinglink.com.’ (This is an example and was not a real url at the time of writing)

How to recognize and detect a Smishing attack

A Smishing SMS is simply a text message with ill intent. But did you know that hackers are actually using manipulation tactics to increase the likelihood of a successful Smishing attack? Social engineering is a type of manipulation with the end goal of getting unsuspecting victims to give up confidential information. When it comes to Smishing, cybercriminals are typically after bank information, passwords, or social security numbers. They may also be trying to secretly install malicious software onto a victim’s device. If you received a smishing text message today, would you know what to look for?

Smishing texts may include:

  • A link you weren’t expecting
  • A downloadable file you weren’t expecting

  • An urgent plea for help, usually in the form of money
  • Congratulations on winning a contest you didn’t enter

  • The name of a banking institution you use or a brand you’re familiar with
  • An urgent request for you to verify personal information via a link or automated phone number

Smishing examples


Here are some cybersecurity tips to protect yourself:

  • Check the Source

    It’s not hard for scammers to imitate famous companies and brands. Text message numbers can be faked to resemble those sent from your bank or a company you frequently shop online with. If you do happen to click on a link, keep in mind that webpages can easily be imitated as well. If you’re not sure if a text is from who they say they are, don’t be afraid to call your bank or the sending company to confirm delivery of the text in question

  • It really can be too good to be true

    Did you win a contest you didn’t enter? Did you receive notice for a delivery you never ordered? It’s less likely that you’re lucky and more likely that you’re being targeted. Avoid clicking on links in any sort of suspicious congratulatory text..

  • Stay silent

    Scammers may sometimes imitate people you know, like your family members, friends, or even your boss, in an effort to extract information. If you get a text from someone claiming to be your significant other or new colleague asking for personal information, bite your tongue until you can confirm the identity of the sender.

  • Don’t store your credit card or banking information on your smartphone. If the information isn’t there, thieves can’t steal it even if they do slip malware onto your phone

  • Refuse to take the bait—simply don’t respond

Olalomi Safiu
Cybersecurity Analyst
Manitoulin Group of Companies
M 416-660-1407
Manitoulin Group of Companies