From time to time, scammers come up with new tactics using new technology, trending events, or whatever they can to trick people into giving up personal or confidential information. In recent years, with the rise of texting and SMS messaging, a newer trick has gained attention: smishing.
Because these scams come through text, they often catch people off guard and cause them to react quickly—which is exactly what cybercriminals are hoping for.
What Is Smishing?
Smishing is a type of phishing attack that arrives through text messaging. That can mean SMS on your phone, Apple’s iMessage, or even apps like WhatsApp, Facebook Messenger, or other chat platforms.
The goal is the same as phishing emails: to trick you into sharing sensitive details, clicking a malicious link, or installing malware.
How Smishing Differs From Phishing
Phishing scams have been around for decades, typically arriving by email with a dangerous link or attachment. If the victim clicks, they’re often taken to a fake website designed to collect login credentials or payment information.
Smishing simply changes the delivery method. With texting now a huge part of daily life—Experian reports that adults ages 18–24 send an average of 67 texts per day—cybercriminals know it’s fertile ground for scams.
Example: Zelle Payment Scam
One of the most common recent smishing scams involves Zelle, the digital payment service. Victims receive a text that looks like it’s from their financial institution, asking if they attempted a Zelle transaction. The message might look like:
“Did you attempt a Zelle Payment of $250? Reply YES or NO to confirm.”
The phone number is spoofed, making it appear legitimate. If the user replies, the scammer may then request a code or other information to complete fraudulent transfers—pulling money directly from the victim’s account.
Why Zelle Scams Are Growing
Launched in 2017, Zelle is often embedded in banking apps and linked directly to checking accounts. With just an email address or phone number, members can send money instantly. In 2019 alone, users transferred $119 billion through the platform.
That speed and convenience also makes Zelle attractive to fraudsters. While federal regulations require financial institutions to reimburse confirmed fraud, the process is costly for both the institution and members. Prevention is always the best protection.
How to Protect Yourself From Smishing
Here are some practical tips to help avoid falling victim to smishing or other text message fraud scams:
- Don’t click suspicious links. If you’re not sure, contact the sender directly through a known phone number or official website.
- Pause before reacting. Scammers use urgency to push you into quick action. Take a breath, then check your account directly through your bank’s app or website.
- Never send sensitive details. Unless you initiated the contact, don’t provide information like PINs, passwords, or codes.
- Know your financial institution’s practices. Legitimate banks and credit unions will not ask you to verify or update details via text.
- Ignore and delete suspicious texts. It’s not rude—it’s smart.
- Report smishing to the FCC. You can file a complaint on the FCC’s website.
Other Common Smishing Scams
Besides Zelle fraud, you may encounter other text scams, including:
- Fake account alerts: A text that appears to come from your bank or card provider with a link to “resolve an issue.” Clicking installs malware.
- Subscription cancellation scams: A message claims you signed up for a service and will be charged unless you click to cancel. The link installs malware or steals information.
- Prize or gift card scams: A message says you’ve won a prize and must click a link to claim it. Instead of a reward, you’re asked for personal information that’s later used for identity theft or spam.
Final Thoughts
Smishing may be newer than phishing, but the principle is the same: criminals trying to trick you into handing over information or access. Staying alert, slowing down, and verifying messages through trusted channels is the best defense.
Remember: when in doubt, don’t click, don’t reply, and report. Protecting yourself also helps protect the entire community. Check out our member security page for more helpful tips.
