UW–⁠Madison Information Technology
Connecting & supporting our digital campus
Phishing scam

Is that text message real—or is it smishing?

Posted by Whitney Jacobson on November 15, 2022

Even if you’ve never heard the word “smishing,” you’ve likely encountered it. Smishing is a version of phishing—but instead of email, it most often arrives via a text on your phone.

As in all types of phishing scams, the message attempts to appear from a reputable source to trick you into following a link you shouldn’t, opening an attachment or revealing personal information such as passwords or credit card numbers. The scammers may also offer you a deal or ask for a charitable donation. If you receive a smishing attempt, don’t be alarmed. To truly get phished, you need to take some type of action (like clicking a link you shouldn’t). Simply receiving a smish won’t result in any damage.

How to protect yourself from smishing

  1. Add your number to the Federal Trade Commission’s National Do Not Call Registry (Source: donotcall.gov). You only need to add your number once, as registrations do not expire.
  2. Ignore the smishing message.
    • Don’t click on any links.
    • Don’t open any attachments.
    • Don’t respond to any requests.
  3. Block the sender and forward the text to SPAM (7726).
  4. Update your phone’s security settings.
    • Change your phone’s settings to filter out unknown senders:
      • For iPhones: click Settings>Messages>Customize Notifications, and disable Unknown Senders to stop unwanted alerts.
      • For Android phones: tap the three dots in messages>Settings>Spam Protection, and check the Enable Spam Protection toggle. Once enabled, your phone will analyze texts and auto-block messages that look suspicious.
  5. If a smishing message makes you feel physically threatened, please contact your local police department.

Why do criminals use smishing?

It is much easier for a criminal to find your phone number (only 10 digits in the U.S.) as opposed to finding your email address (which is not limited in size and can include numbers, letters, and symbols). Scammers can simply send text messages to any combination of 10 digits and see who takes the bait. Gartner reports that users read 98% of text messages and respond to 45%. It’s logical for scammers to use this method over email )according to Gartner, only 6% of emails receive responses).