GlobalSign Blog

What is Smishing and How Can Your Company Prevent It?

What is Smishing and How Can Your Company Prevent It?

There is a very high probability that a nefarious SMS or text message is on its way towards your smartphone right now. This message might claim to be from your bank, asking you for financial or personal details such as your ATM or account number. Providing this information is as good as handing over the key to your bank account to the thieves. Like its close relative, phishing, this type of attack is, unfortunately, happening more frequently than ever – and with greater success, too.

In this article, we’ll explain where smishing originated, why it’s so prevalent, and how you can protect yourself from taking the bait going forward.

Baits used by smishermen

So, what is smishing anyways? Smishing is a term that was derived from SMS, which stands for Short Message Service – or what we more casually refer to as “text messaging.” Using text messages is one of the more popular ways to communicate on smartphones, especially among young adults. There are a couple of other factors that make smishing a particularly insidious threat. While most people are aware of email fraud and the risks involved in it, they are less wary when they are using their cell phones. Smartphones are envisaged to be more secure than laptops.

But there are limitations to smartphone security and it cannot protect the user directly against smishing. Cybercrimes aimed at cell phone devices are rocketing with the use of smartphones. Android devices are the primary targets for this malware because there are so many of them out there – but like with any other form of cyber threat, no one is completely safe from being on the receiving end of a smishing attack. Even iPhone users are at risk, despite the fact that they might feel more protected.

While smartphones offer great flexibility to end users, the platform also benefits cybercriminals. The problem is that people use mobile phones on the go and when you are distracted, you are much more likely to get caught with your guard down and respond to incoming messages without thinking. A smishing message itself could be something as innocuous as a coupon.

In most cases, the smishermen are trying to steal personal information but they may also try to trick you into downloading and installing malware onto your phone. The malware may disguise itself as a legitimate app, thereby tricking you into typing your confidential information and sending the collected data to cybercriminals. Or the link contained in the smishing message could take you to a fake website where you will be asked to provide sensitive information that will later be used by the cybercriminals for stealing your online ID. With more people opting to use their smartphones for company work, smishing has become a viable threat for companies as well.  

How companies can protect against smishing attacks

Here are some of the things companies can do to protect their people and data:

1. Find out how educated your employees are in cybersecurity. Before starting anything, it can be very helpful to understand your employees’ cybersecurity awareness by conducting a simple survey with specific questions that measures their alert level against different scam attempts. You can easily handle this by using a free survey maker, such as JotForm. Knowing your employees’ level of knowledge on the issue will help you develop your cyber awareness training program.

2. Have clear policies and restrictions around BYOD. If employees are allowed to use their smartphones for work, have a Bring Your Own Device (BYOD) policy in place that sets clear expectations and guidelines around everything from app usage to cyber threat detection.

3. Use access control. Everyone in the organization does not need access to all files. Limit the access to databases, websites, and networks to only the people that need to use them. This reduces potential exposure to smishing attacks. Instruct employees to zip files and send them via email rather than using other methods, because it is generally a safer option.

4. Give your employees a way of notifying you about potential scams. Make sure your team understands how to report threats and get advice on suspicious messages. You will need all the help that you can get tracking and stopping new attacks.

5. Keep everyone informed about possible smishing attacks. If you become aware that someone is using your company as part of a smishing or phishing scam, inform your clients and customers as quickly as possible to prevent unwanted data breaches or other corporate damage. Reiterate your company’s policies regarding asking for account information and approved communication methods.


Smishing text message scams are not new. But it’s important to remember: they are not going to disappear any time soon. All companies should include smishing as a priority in their cybersecurity training. As more individuals continue to use personal or company-issued mobile phones for handling business-related functions, the problem is becoming more – not less - significant. Keep in mind that cybercriminals are always on the look-out for better methods for targeting new victims and putting a new spin on their old tricks. That’s why it pays to stay vigilant and ensure that you and your company employees do not fall prey to a smishing scam.

Note: This blog article was written by a guest contributor for the purpose of offering a wider variety of content for our readers. The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of GlobalSign.

Share this Post

Recent Blogs