Smishing

Security+ 🏆 • Social Engineering 👥 • Threats ⚠️ • Difficulty: free

Definition

Smishing is phishing carried out through SMS text messages. Attackers use texts to trick people into clicking malicious links, calling fraudulent phone numbers, or sharing sensitive information such as passwords, payment details, or one-time codes.

Examples

A text claims a delivery failed and asks the user to click a link to “reschedule,” leading to a fake login page.
A message pretends to be from a bank and asks the user to reply with a verification code or account details.

Discover 🔎

Text messages feel personal and urgent. People often read them quickly, on a small screen, and while distracted. That makes SMS an effective channel for attackers. Smishing takes advantage of this by using short, believable messages that push you to act immediately, usually by clicking a link or calling a number.

Remember: Smishing is phishing by text. The channel changes, but the goal is the same: make you act before you think.

Open the interactive lesson Browse more topics

Tip: The interactive version includes progress tracking, decks, and premium deep dives.