Beware of Smishing Attacks!

Last updated: September 19, 2024
Person scrutinizing a text message on their phone

Smishing refers to any phishing message sent through SMS (Get it? SMS + phishing = Smishing!)

Like other phishing messages, smishing involves a cybercriminal pretending to be someone they're not, to extract information from you. Usually, these bad actors send SMS messages to your phone with a link to entice you to click on.

Smishing attacks seem to be particularly effective because many people falsely assume that their phone is more secure than their computer. The reality is that phone security has limitations and no mobile device can protect you from smishing, regardless of your phone’s operating system.

Another reason that many smishing schemes are effective is that they require very little beyond a small lapse in judgment to succeed. Many people check notifications on their phone while multi-tasking. Even the slightest bit of distraction can cause someone to let their guard down and respond to a text message without fully processing what the message contains.

Identifying a Smishing Message

While cybercriminals will use a variety of identities and premises in the presentation of their message, the primary smishing method to trap a victim is fundamentally the same.

Warning signs that a text message may be a smishing attack include:

  1. Asking for sensitive information (social security number, credit card number, etc.)
  2. Offering tax-based financial relief.
  3. Unsolicited public health safety updates.
  4. An urgent request to unlock your account
  5. Offering free services or products
  6. Confirming a recent purchase or invoice

What to do with a Smishing Message

The best way to protect yourself from smishing is to be cautious about any messages you receive from phone numbers you don't recognize.

You should attempt to verify the information in the message through a credible source. For example, if you receive a message from a sender who claims to be your bank, call your bank, using the contact information posted on the bank's official website, to verify whether the request is legitimate.

Finally, if you receive a smishing message that claims to be affiliated with UBC in any way, copy and paste the message into an email and report it to security@ubc.ca.

Go Further...

  • News

Privacy Matters @ UBC

Safety & Risk Services | 2389 Health Sciences Mall
University Counsel | 6328 Memorial Road,
UBC Cybersecurity | 6356 Agricultural Road
E-mail privacy.matters@ubc.ca

UBC Crest The official logo of the University of British Columbia. Urgent Message An exclamation mark in a speech bubble. Caret An arrowhead indicating direction. Arrow An arrow indicating direction. Arrow in Circle An arrow indicating direction. Arrow in Circle An arrow indicating direction. Chats Two speech clouds. Facebook The logo for the Facebook social media service. Information The letter 'i' in a circle. Instagram The logo for the Instagram social media service. Linkedin The logo for the LinkedIn social media service. Location Pin A map location pin. Mail An envelope. Menu Three horizontal lines indicating a menu. Minus A minus sign. Telephone An antique telephone. Plus A plus symbol indicating more or the ability to add. Search A magnifying glass. Twitter The logo for the Twitter social media service. Youtube The logo for the YouTube video sharing service. Bell Warning