What Is Smishing?

The term “smishing” is a combination of “SMS” — or “short message service,” the technology behind text messages — and “phishing.”

Smishing is a social engineering attack that uses fake mobile text messages to trick people into downloading malware, sharing sensitive information, or sending money to cybercriminals.

Smishing is an increasingly popular form of cybercrime. According to Proofpoint’s 2023 State of the Phish report, 76 percent of organizations experienced smishing attacks in 2022.

Several factors have contributed to a rise in smishing. For one, the hackers perpetrating these attacks, sometimes called “smishers,” know that victims are likelier to click on text messages than other links. At the same time, advances in spam filters have made it harder for other forms of phishing, like emails and phone calls, to reach their targets.
The increase of bring-your-own-device (BYOD) and remote work arrangements have also led to more people using their mobile devices at work, making it easier for cybercriminals to access company networks through employees’ cell phones.

Learn how smishing attacks work, and what you can do to avoid them.