Have You Been Smished?


Submitted by [user:field_first_name]
Hide Featured Image
true
smartphone with mousetrip over a text chat as someone goes to type

Have you ever received a text message from a bank or delivery service asking for personal information or to click on a link? Well, you might have been smashed! Smishing is a form of social engineering that uses text messages (SMS) to trick you into giving up personal data or clicking on malicious links. The goal is usually to steal your passwords, credit card details or other sensitive information.

Why is Smishing Effective?

  • Smishing is relatively easy to orchestrate and difficult to track, especially with the use of burner phones or email-to-text services.
  • Nearly all mobile phones can receive SMS messages.
  • Users typically trust SMS messages more than email or phone calls, and they generally receive more attention than other formats.

How to Avoid Smishing Attacks
Smishing attacks are nearly impossible to prevent since most people have a cell phone, but here are five tips to help you avoid an attack:

  • Watch out for urgent requests. Scammers often create a sense of urgency to pressure you into acting quickly without thinking, so beware of messages requesting you to respond immediately.  
  • Be wary of unsolicited texts. Smishing texts are typically unexpected. For example, they might come from a leader who wouldn’t normally send text messages directly to staff.
  • Verify the sender. If you receive a suspicious text from a company or individual, contact them directly through their official website or phone number to verify their legitimacy.
  • Suspicious links. Be on the lookout for links embedded in text messages to exploit personal information.
  • Never share personal information. Don’t provide sensitive data like passwords, account numbers or Social Security numbers via text message.

Report Smishing

Do you think you’ve been smished? Here is what you should do:

  • Delete the message.
  • If you are using a state-issued device, contact OIT’s Service Desk.
  • Report smishing to the following:
    • Wireless Carrier: Most carriers allow you to forward suspicious texts to a shortcode (e.g., 7726 for SPAM).
    • Federal Trade Commission (FTC): Report smishing attempts online at ReportFraud.ftc.gov.

Stay Vigilant and Protect Yourself

By staying informed and following the tips above, you can protect yourself from smishing attacks. Remember, if it seems too good to be true or feels suspicious, it probably is. When in doubt, check it out.