Fun, but very important, fact: your smartphone is not immune to the various hazards that attack computers. You’ve heard of phishing, which typically works through email. Smishing is similar, but it relies on text messages to reel in victims. Like phishing, a smishing message looks like it comes from someone you trust, like a bank, or a family member. The goal is to get personal information from you, such as your social security number, passwords, and other things the attackers can use. Often, they will then try to steal your identity or your money, but sometimes there will also be malware in the message that gives them access to your phone.
There are a few reasons smishing can be more dangerous to you than phishing. While users typically distrust (and therefore more closely scrutinize) email, they are less careful with texts. Text messages also inspire more urgency than emails. Although you might wait to deal with an email, a text tends to be something you want to answer right away. One calculation shows that the average response time for a business email is 107 minutes. In contrast, responding to a text message typically takes around 90 seconds to 3 minutes. Not taking the time to scrutinize might make you more susceptible to clicking an untrustworthy link. However, taking precautions can help protect you from scams hiding in your texts.
The Federal Trade Commission has some tips to avoid phishing, which can be pretty easily applied to smishing. You may think it’s easier to click the provided link rather than type your bank’s (for example) web address. Type it yourself anyway. Another important thing to remember is that bad links can come from people you know. If their phones have been compromised, you could be getting a smishing message. Bottom line: a message to your phone is not necessarily benign. Be appropriately watchful.