12 Oct 2023

The Smishing Link

Online Safety - Telephones

Predators await to take you hook, online and sinker   

Borrowing a line from the movie Jaws: just when you thought it was safe to go back onto your device, another form of ‘attack’ comes swimming your way. Smishing is definitely fishy.

Smishing is a combination of the words ‘SMS’ and ‘phishing’. The term is used to describe cyberattacks leveraging apps used for texting. These include Android Messages, WhatsApp, Facebook Messenger, FaceTime, and the countless alternatives that continually emerge.

Smishing attacks are an increasingly popular way for cyber criminals to target their unsuspecting victims by tricking people into downloading a Trojan Horse, virus or other malware onto a cellular phone or other mobile device.

Globally, smishing attacks have spiked of late, rising in the United States by 328% in 2020 alone. Financially, they are rewarding. According to the FBI’s 2020 cybercrime complaint report, phishing-based techniques such as smishing cost over US$54m in losses.

More and more, people are mindful that cyber criminals frequently exploit emails (phishing) and phone calls (vishing) as vehicles for their scamming malfeasance (conduct that is illegal and causes harm). In this new form of attack, the criminals’ logic is that when it comes to using their preferred messaging service, people sometimes let their guard down.

Possibly this is because they perceive that these technologies are more for ‘fun’ and ‘life stylish’ versus email, which is more ‘serious’ and business-like. Little wonder that cyber criminals have figured out that smishing is a good way to catch people off-guard.

Did you know that the global cost of cybercrime in 2021 was US$6 trillion, and is estimated to rise to US$10.5 trillion by 2025?

Taking the bait

As with phishing, cyber criminals use smishing as a means to trick people into disclosing personal information, or performing an action, that will compromise their security. Because these messaging services are the means to share videos and images, scammers can often coax a victim into downloading some malicious software (malware) by sending a text message with an attachment (containing malware disguised as an image).

Often the invitation seems simple and irresistible: “Hey, you really have to check this photo out!”

Other smishing attacks are more sinister, directly linking to a dangerous website used for criminal purposes. Once the link is clicked, the victim’s device is infected with malware, allowing criminals to perform actions like stealing banking information or taking full remote control of the device.

Some smishing activities are less technical, simply harassing and bullying the target into purchasing anything from gift cards to fake security software. This trail of deceit can lead to being duped into contacting a help line, where the real damage comes into the equation.

Avoiding the Big Bite

As with other species on the menace list, the key warning signs that you are a target of a smishing attack are very similar to those for phishing. One key difference is that SMS messages are usually shorter in length and less formal in style than emails. This makes it more difficult to spot clues that they are not legitimate and that danger lurks.

Good smish spotting skills involve being watchful for:

  • Urgent requests for money (even from friends, family and colleagues)
  • Messages that give you a very strong emotional reaction. Trust your instincts
  • Threats or intimidation
  • Alarming messages from an official organisation (e.g. Police or IRD)
  • Offers that seem too good to be true (e.g. a prize for a lottery you never entered)
  • Someone trying to rush you into taking an action
  • Requests for personal information (e.g. how much you earn)
  • Messages attempting to sell gift vouchers and the like

Be on the lookout

You shouldn’t stop ‘surfing and swimming’ the Internet just because there are sharks in the water. Keep your messaging apps fully updated to thwart any new security vulnerabilities that may loom on the horizon. Setting your apps to update automatically will not remove all risks, but it will make it more difficult for hackers to use technical attacks with impunity.   

Cyber criminals are cunning. They often hack a messaging account and use it to target the victim’s contacts. By sending their smishing messages from a seemingly trusted contact, the ‘bad guys’ are much more likely to be successful. If you receive a message from a friend or family member that strikes you as odd, take some time to think before acting.

Tell-tale signs, such as subtle differences in wording, may be a clue that your contact is not the one who wrote the message you are reading. Where you have any doubts about a message, use another means of communication (such as a phone call) to confirm whether the sender is legitimate.

How to escape Jaws 

The way you respond to a smishing attack will obviously depend on the type, and level, of harm and danger. Some common remedies include:

  • Contact your bank immediately to attempt to suspend or reverse a payment if you have fallen prey.
  • If your messaging account is totally engulfed, and depending on your service provider, you may be best to completely delete your account and not just uninstall a particular app. This is the only way to prevent the hackers from using your identity to attack others in your contacts list.
  • If scammers are harassing you, stop communicating with them and try to block their number(s). If they persist with numerous other numbers, you may need to acquire a new SIM card and number. If you have to take this step, don’t forget to inform your family, friends, bank, and other key contacts of the changes.

Biting back

If you believe you have been the victim of a smishing attack, or are being spammed via your messaging service, you can report this to Netsafe on 0508 NETSAFE (0508 638 723). Alternatively, you can use the NZ Police’s 105 number for non-emergency situations or call 111 for emergencies.

In all matters related to cyber security it is always best to be safe and avoid being sorry. 


Published: March 2020

Reviewed: October 2022

To be reviewed: October 2025