Smishing

Smishing (SMS phishing) is a social engineering attack delivered through text messages. Attackers send text messages containing malicious links or urgent requests designed to trick recipients into revealing credentials, installing malware, or taking other harmful actions.

Smishing exploits the trust people place in text messages and the tendency to act quickly on mobile devices. Messages often create urgency — fake delivery notifications, account warnings, or IT alerts — to pressure recipients into clicking links before thinking critically about the message.

Why It Matters

As mobile devices increasingly access corporate resources, smishing becomes a relevant threat. Security awareness training should cover SMS-based attacks alongside email phishing to protect the full range of communication channels employees use.