IT security at the University of Bern

Smishing - phishing via text message on your smartphone

Smishing is a form of phishing that uses text messages via SMS, WhatsApp, or other text messaging services to ask users to click on a link or disclose information. Since text messages are more trusted than emails, the success rate of smishing is relatively high.

What is smishing?

Smishing attacks aim to steal personal data and use it later for fraudulent purposes. Similar to phishing, data theft often works with the help of fake messages. The only difference is that the cyber attack is not carried out via email but via SMS or messenger services such as WhatsApp. The nasty thing about it is that smishing attacks are amazingly well thought out and can hit anyone.

Why does smishing work?

Many users are now familiar with phishing and examine their email inbox with healthy suspicion. Spam filters of email providers also help effectively to prevent phishing attempts. This automated protection mechanism is missing on many smartphones. The recipients often regard the senders of SMS or text messages as trustworthy and open them accordingly without a second thought. 

In addition, everything is displayed a bit smaller on the cell phone and is faster - people are on the move, often get distracted and react more quickly to a message. This fulfills the requirements of the smishers, who provoke precisely that.

How smishers proceed

The procedure is similar to phishing via e-mail: Fear is often used as leverage. The text messages warn that access will be blocked or that the affected person's account has already been hacked. In many cases, however, the messages are requests to reset passwords, messages to authenticate accounts, a request to update your user data or even delivery of a postal package.

A common smishing attack method uses brand names or names of well-known companies with links that supposedly lead to the company's website. Usually, an attacker tells the user that they have won money or offers a malicious link pretending to be used to track packages.

Thus, users are urged to react quickly; otherwise, they will expect unpleasant consequences.

The users
are requested
to react quickly.

Protect yourself!

  • Don't let yourself be pressured, and look closely.
  • Check the sender and call them if necessary - not on the phone number that appears in the text message, but on the official number.
  • Do not open any documents if you do not trust the sender completely.
  • Make the recommended updates on your smartphone.
  • Delete suspicious messages.
  • If you have responded to a smishing and revealed information, you can find recommendations on how to proceed in our article "First aid for cyber accidents".