Smishing is a type of cyber-attack that targets individuals through SMS (Short Message Service) text messages. The term combines "SMS" and "phishing": it is a form of phishing that uses the mobile phone as the attack platform. The attacker sends the target an engaging text message designed to trick them into clicking a link. Following the link shares private information from the target's smartphone with the attacker or even installs malicious software on the device; the message may point to a malicious website or to a download that installs malware. As in other types of phishing, scammers use phony messages and malicious links to fool people into compromising their mobile phones, bank accounts, or personal data. Smishing can also be a stepping stone to more sophisticated cyber attacks, such as identity theft or other types of phishing.
To defend against smishing, it is important to be aware of the different types of smishing attacks and to understand the differences between smishing, phishing, and vishing. Basic Android and iOS security features often prevent malware, but even with robust security controls on mobile operating systems, no security control can protect users who willingly send their data to an unknown number. Users should treat text messages with caution and read them thoroughly before clicking any link or providing any personal information. It is also important to use anti-malware software and to keep mobile devices up to date with the latest security patches.
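
To make "read the message before clicking" concrete, the following added example (not part of the original page) triages the links in an SMS body for a few common warning signs. The indicator names, the shortener list, the lure-word list and the `trusted_domains` parameter are illustrative assumptions, not an established standard.

```python
import ipaddress
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.I)
# Assumed, illustrative lists; tune them for your own environment.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}
LURE_RE = re.compile(r"\b(verify|suspended|urgent|password|pin)\b", re.I)

def link_hosts(text):
    """Return the lower-cased hostname of every link found in an SMS body."""
    hosts = []
    for raw in URL_RE.findall(text):
        raw = raw.rstrip(".,;:!?)")  # drop sentence punctuation after the link
        url = raw if "://" in raw else "http://" + raw
        try:
            host = urlsplit(url).hostname or ""
        except ValueError:  # malformed bracketed host
            host = ""
        hosts.append(host.lower())
    return hosts

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def triage(text, trusted_domains=()):
    """Return sorted indicator names that justify treating the SMS as suspect."""
    found = set()
    hosts = link_hosts(text)
    for host in hosts:
        if is_ip(host):
            found.add("ip_literal_host")
        if host in SHORTENERS:
            found.add("url_shortener")
        if any(label.startswith("xn--") for label in host.split(".")):
            found.add("punycode_host")
        for domain in trusted_domains:
            brand = domain.split(".")[0]
            # Brand name in the host, but not the real domain or a subdomain of it.
            if brand in host and host != domain and not host.endswith("." + domain):
                found.add("lookalike_host")
    if hosts and LURE_RE.search(text):
        found.add("lure_wording_with_link")
    return sorted(found)

if __name__ == "__main__":  # constructed sample message, not real traffic
    print(triage("Your parcel is held. Pay the fee at http://203.0.113.7/track now."))
```

An empty result means only that none of these heuristics fired; it does not show the message is safe.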