What is smishing?

Smishing? Seriously? Yes, it’s a real word. What’s worse is, it’s a word you probably want to avoid. You’ll need to learn more about it, because apparently the world isn’t a bad enough place.

Smishing, because no one reads email

By now you’ve doubtless heard of phishing. Phishing is the practice of trying to get you to give up your personal information through emails. These emails look like they are from someone you know, or a company you do business with. They’re a big problem, big enough that many workplaces severely limit email communication.

Smishing is essentially the same thing, except over text message. You’re asked to open a link in order to gain a reward or to deal with a perceived problem with something you’ve ordered. When you do, a web page can load malware on your device, entice you to give up your personal information, and generally cause havoc.

Because, that’s absolutely what we need right now, more ways to get sucked into bad places on our phones. The world is a wonderful place right now and we absolutely need just one way to make it worse. Oh if that were true.

Why do they call it ‘smishing?’

First you have to understand why they call it phishing. It has nothing to do with the Phish, the 1990s alt-rock band still popular in certain circles. While no one is 100% sure, the term may derive from the word “fishing,” meaning to look for information, and “phreaking,” a 1960s term for hacking the phone system. Obviously the “ph” in “phreaking” implied the use of the phone network originally.

Phishing, as a term, gained currency in the last decade and today most people are familiar with the problem, if not the word for it. Some of these emails look incredibly genuine and are easy to fall for.

So why “smishing?” I’d have to guess it has something to do with the proper term for texting, “SMS.” SMS stands for Short Message Service, by the way. It would be impossible for all but the extremely deft speaker to say “smsishing” so “smishing” it is. At least that’s my theory, and it seems to fit the facts.

How to tell a smishing text

Recognizing a smishing text is easy. Most of them use web links that look really kind of wrong. They may claim you’ve won money or that you need to verify an account at Amazon or Apple or some other common site. They will almost certainly come from a number you’ve never seen before, although it won’t be long before that changes.

As with other sorts of frauds, if it looks too good to be true, or if it looks like it’s designed to scare you, it’s probably not real.

Avoiding getting smished

So, first of all, I hate to break it to you. No one is waiting to give you $10,000 and you didn’t win a contest. That’s just not how life works. Not even a little. So delete those texts immediately.

If a text comes in claiming some account or other has been hacked, then go straight to the account. Don’t click on the link. If there is a problem, it will be very obvious when you click on a provider’s web site. Be smart, and it won’t be hard to avoid these scams.

Coming soon: messenger hacks

Actually, this already happened to me. A person sent me a message over a popular service claiming to be someone I already knew and asking me to call a number right away. I was lucky. It didn’t seem right and I investigated. So folks, this is gonna happen. You’ll have to be smart about it.

Because, as I said, everything else was going along so well.

About the Author

Stuart Sweet
Stuart Sweet is the editor-in-chief of The Solid Signal Blog and a "master plumber" at Signal Group, LLC. He is the author of over 8,000 articles and longform tutorials including many posted here. Reach him by clicking on "Contact the Editor" at the bottom of this page.