In the third version, you might get messages asking for personal or financial details directly—with prompts to reply to a text with your bank details, for example, or with login details for a certain website. As with the redirects to fraudulent websites, these details will go straight to the people behind the smishing attempt, who will most likely use them to try to steal money or information.
The Warning Signs
While we can’t offer a foolproof guide to spotting every single smishing attack you might come across, there are some red flags to look out for. One is messages coming from numbers that don’t seem correctly formatted or that contain unusual characters—these might be genuine messages from businesses or automated services, but they might also be smishing attempts, so proceed carefully.
It’s actually rare that any person or company will need to send you a message with a link embedded in it, so you can view such messages with suspicion. It’s rarer still that these messages will appear out of nowhere—if they are authentic, they’ll usually show up as you’re trying to verify an account or making an inquiry or having an active conversation with someone.
Another sign that gives away a lot of smishing messages is their sense of urgency. Many of them will ask you to act fast and impose some kind of time limit on a response so you are less likely to think about what you’re doing. They might also try to entice you to follow a link by talking about something shocking or controversial that needs immediate attention (pretending that videos of you have leaked online, for instance).
They might dangle a reward for responding (“win a gift card”), or the message might masquerade as a warning (“your account has been suspended”). The bottom line is that smishers want you to take action.
Keep Your Devices Protected
The security advice for guarding against smishing isn’t much different from the advice for protecting your devices against any other kind of threat. Keeping your phone’s software and web browser up to date is important and should ensure a lot of smishing attacks get blocked by the security features built into Android, iOS, Chrome, and Safari.