What Is Smishing, and How Can You Defend Against It?

Smishing and How to Defend Against It

  • Smishing (or SMS phishing) is a type of social engineering attack in which attackers use text messages to try to trick victims into revealing sensitive information or performing a specific action, such as clicking on a link, downloading an attachment, or even purchasing gift cards (e.g., Visa gift cards).
  • The attackers usually send a text message that appears to be from a valid source, like a colleague or friend, bank, government agency, a well known company (e.g., Amazon), and it may contain a sense of urgency or warning to the recipient that requires their immediate attention. 
  • The message may ask the victim to provide personal information, such as account credentials or credit card numbers, or to click on a link that takes them to a malicious website where their device can be infected with malware or ransomware.
  • Smishing attacks are not always easy to detect since the message often appears to be coming from a trusted source and may contain logos or other branding that looks legitimate. To protect themselves from smishing attacks, individuals should be cautious about sharing personal information via text message, verify the sender's identity before responding to a text message, and avoid clicking on links or downloading attachments from unknown sources.

Q. Where do hackers get our information? A friend of mine here at the University was hacked the other day by what appeared to be a member of senior management. Was he actually compromised?

A. No, your friend was not compromised. This information is easily attainable by what hackers refer to as “reconnaissance” or “recon.”

The steps are usually something along these lines:

1.       They start with (for example) our website, Fairfield.edu.

2.       They quickly determine who is who, in which department, who the Deans are, the VPs and above to refer to in the text (the SMS phish or “smish”). This is clearly to pretend to be the member of senior management and persuade the victim to release sensitive information or possibly make a purchase.

3.       The next step is to research the target individual to find their mobile number. 

4.       At this point they now have the influential people at the University, the target person, and the target person’s mobile number.

5.       The fraudster then sends a text (the “smish”).

6.       The attacker is banking on a little persistence and effort paying off.  With untrained users, the chances are higher.  However, the better trained and prepared we are the more likely the scammer will come away with nothing.


If you think you have been a victim of smishing, please do not hesitate to contact the Help Desk at (203) 254-4069 to report this incident.

Related Web Site : https://itshelpdesk.fairfield.edu

For more information, contact ITS Help Desk / (203) 254-4069 / itshelpdesk@fairfield.edu