Smishing

What is Smishing?

Smishing is phishing carried out through SMS text messages. Attackers use texts to trick people into clicking malicious links, calling fraudulent phone numbers, or sharing sensitive information such as passwords, payment details, or one-time codes.

Examples

  • A text claims a delivery failed and asks the user to click a link to “reschedule,” leading to a fake login page.
  • A message pretends to be from a bank and asks the user to reply with a verification code or account details.

Discover 🔎

Text messages feel personal and urgent. People often read them quickly, on a small screen, and while distracted. That makes SMS an effective channel for attackers. Smishing takes advantage of this by using short, believable messages that push you to act immediately, usually by clicking a link or calling a number.

Remember: Smishing is phishing by text. The channel changes, but the goal is the same: make you act before you think.

Summary 📝

Smishing is phishing delivered by SMS. Attackers use short, urgent messages to push victims into clicking links, calling fraudulent numbers, or sharing sensitive details and one-time codes. It works well because people trust texts and have limited ability to inspect links on mobile devices. The best defense is to avoid following links in texts and to verify requests through official channels.
