'Smishing' is a form of attack carried out via text messages or SMS by spammers and cybercriminals. The word is a combination formed using 'SMS' and 'phishing'.

Phishing is a method used by cybercriminals to send out emails that appear from genuine sources, but are actually fraudulent and designed for collecting personal information from unsuspecting users.

In case you have been receiving multiple spam text messages, chances are that you may have become a victim of Smishing. It is also likely that you are a victim of data breach; especially so, if you have ever given out your number to a business or retailer. As a result, you may be getting spam text messages from people you do not know because your number which was stolen in data breach and sold to unknown buyers on the dark web, may have well been yours.

The dark web is a portion on the Internet where website operators and users remain hidden and untraceable. Online transactions can, therefore, be conducted on the dark web in complete anonymity. Cybercriminals always prefer the dark web to buy and sell large volumes of stolen customer data. When Smishing, cybercriminals use automated services to send out bulk text messages that contain phishing links from anonymous numbers.

Some smishing scams identified include ones that tell users their online accounts (such as Apple ID) are expiring. Others offer promises of cash prizes, if only they click on the included link.

At times, smishing can lead to installation of virus or malware on the user’s devices. In such cases, the consequences can be damaging for users. Cybercriminals design virus and malware that are able to steal personal information such as names and addresses stored in phone address books, financial information stored on users' mobile devices, etc.

Smishers usually look for missing pieces of information that they were initially unable to obtain from hacked data. That could be Aadhaar number, PAN, password, or any other personal detail that can help cybercriminals access your accounts.

Key steps to avoid a Smishing scam –

  • Do not click on any link embedded in SMS received from unknown numbers
  • Do not respond to messages from unknown or untrusted numbers
  • Verify the content along with the authenticity of the number from which you have received the SMS
  • Do not click on links in SMS. Instead, type out the official web link in the address bar of your device browser
  • Block spam calls and text messages or use a reputable spam-blocking app or the device’s in-built feature to automatically block Smishing attempts