
Smishing (SMS Phishing)

Definition

Smishing is a form of phishing carried out over SMS, WhatsApp or other messaging apps. Attackers send misleading messages that trick recipients into clicking a malicious link or sharing personal information. According to Proofpoint, smishing attacks increased by 318% in 2023.

How does smishing work?

Attackers send deceptive messages that appear to come from trusted sources: banks, delivery services, government agencies or acquaintances. The message contains an urgency element that prompts immediate action: your account will be blocked, your package cannot be delivered, you missed a message. The link leads either to a fake website that steals credentials or payment details, or to a page that installs malware on the mobile device.

Types of smishing

Package delivery fraud imitates courier messages. Banking smishing warns of suspicious transactions. Government smishing imitates tax authority or digital ID messages. Prize smishing claims the recipient has won a prize. Friend/family fraud impersonates someone the recipient knows and requests money.

Impact on organisations

Smishing increasingly targets corporate mobile devices to steal credentials for business systems. MFA bypass via smishing is a growing problem: attackers send fake MFA messages to intercept authentication tokens. NIS2 requires organisations to train employees against all forms of phishing, including smishing.

Protection

Train employees to recognise smishing. Implement Mobile Threat Detection (MTD) on corporate devices. Use URL filtering on mobile devices. Always verify unexpected messages through a different channel, such as calling the sender on a number you already have.
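The lure patterns described under "How does smishing work?" and the URL filtering recommended here can be combined into a simple message triage heuristic. The following is an added example written for this page, not code from DEFION or from any product it mentions; the sample messages are constructed, and the allowlist, shortener list and keyword lists are hypothetical values an organisation would replace with its own. It scores each message on unrecognised or look-alike link domains, urgency cues and requests for credentials, payment or a contact change, so that flagged messages can be routed to the "verify through a different channel" step.

```python
import re
from urllib.parse import urlparse

# Constructed sample messages for demonstration only; none of these is real traffic.
SAMPLE_MESSAGES = [
    "Your parcel could not be delivered. Reschedule within 24 hours: http://bit.ly/x1y2z3",
    "Suspicious transaction detected. Verify your account immediately at https://secure-login-bank-alerts.com/verify",
    "Your appointment is confirmed for Tuesday 10:00. Reply STOP to opt out.",
    "Hi, it's me, I lost my phone. Can you send money to this new number urgently?",
]

# Hypothetical allowlist of domains the organisation has confirmed as genuine senders.
ALLOWED_DOMAINS = {"example-bank.com", "example-courier.com"}

# Public URL shorteners that hide the real destination (partial, illustrative list).
SHORTENER_DOMAINS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "is.gd"}

# Urgency cues of the kind the page describes (account blocked, parcel not delivered).
URGENCY_PATTERNS = [
    r"\bimmediately\b", r"\burgent(ly)?\b", r"\bwithin \d+ hours?\b",
    r"\bwill be (blocked|suspended|closed)\b", r"\bcould not be delivered\b",
]
# Requests for credentials, payment or a contact change (friend/family fraud).
CREDENTIAL_PATTERNS = [
    r"\bverify your (account|identity)\b", r"\b(pin|password|one[- ]time code)\b",
    r"\bsend money\b", r"\bnew number\b",
]

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def extract_domains(text):
    """Return the lower-cased host of every http(s) URL found in the message."""
    domains = []
    for match in URL_RE.finditer(text):
        host = urlparse(match.group(0)).hostname
        if host:
            domains.append(host.lower())
    return domains


def looks_like_lookalike(domain):
    """Heuristic: several hyphens, or a trust word embedded in an unrelated host name."""
    trust_words = ("bank", "courier", "parcel", "tax", "login", "secure")
    return domain.count("-") >= 2 or any(w in domain for w in trust_words)


def score_message(text):
    """Score one message; returns (score, reasons). Higher means more smishing indicators."""
    score, reasons = 0, []
    for domain in extract_domains(text):
        if domain in ALLOWED_DOMAINS:
            continue  # known-good sender, no penalty
        if domain in SHORTENER_DOMAINS:
            score += 2
            reasons.append(f"url shortener: {domain}")
        elif looks_like_lookalike(domain):
            score += 2
            reasons.append(f"lookalike domain: {domain}")
        else:
            score += 1
            reasons.append(f"unrecognised domain: {domain}")
    lowered = text.lower()
    if any(re.search(p, lowered) for p in URGENCY_PATTERNS):
        score += 1
        reasons.append("urgency cue")
    if any(re.search(p, lowered) for p in CREDENTIAL_PATTERNS):
        score += 1
        reasons.append("asks for credentials, payment or contact change")
    return score, reasons


def verdict(score):
    """Map a score to a triage outcome; thresholds are illustrative."""
    if score >= 3:
        return "suspicious"
    return "review" if score == 2 else "benign"


def triage(messages):
    """Return (verdict, score, reasons) for each message, in order."""
    return [(verdict(s), s, r) for s, r in (score_message(m) for m in messages)]


if __name__ == "__main__":
    for msg, (v, s, r) in zip(SAMPLE_MESSAGES, triage(SAMPLE_MESSAGES)):
        print(f"[{v:10}] score={s} {msg[:45]!r} -> {r}")
```

A "review" outcome (the lost-phone message above) is the interesting case: it carries no link at all, so URL filtering alone would pass it, and only the out-of-band verification step catches it. Thresholds and word lists should be tuned on the organisation's own message traffic before being used to block anything.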

How DEFION helps

DEFION includes smishing in Security Awareness Masterclasses and phishing simulations. The team also tests mobile device resilience through Mobile App Security Assessments.

Related terms

Phishing
Social Engineering