Don't Be a Victim of 'Smishing'

Smishing is a new kind of cybercrime. Its name is a portmanteau of SMS (short message service) and phishing. SMS refers to a text messaging service, and you probably know phishing as the name for a scam in which a person is duped into revealing confidential information by responding to a bogus e-mail that appears to be from a bank, Internet service provider, retail store, or other organization. Instead of e-mails, smishing uses text messages to direct people to a fraudulent website or to call a phone number at which point they are asked to provide personal identifying information, such as a user name and password, or financial information.

Photo: Blackzheep

We're sorry to disappoint you, but you're probably not the winner of a gift card.

Don't get too excited if you receive a text message announcing you've won a gift card from a big retailer. Chances are it's smishing—or scams perpetrated by text messages. Once you respond to the message, you typically are sent to an inauthentic website where you're asked to enter your name, cellphone number, mailing address and other personal information. That information can then be used for targeted advertising without your consent or lead to attempts to steal your money or identity.
— Emily Glazer, The Wall Street Journal, 16 Dec. 2012

Smishing is essentially phishing ported to mobile devices—and typically arrives in the form of a text message suggesting the user has signed up for a service, and will be charged until they cancel using a web site. The site then prompts the user to click on a link, which actually triggers the download of a Trojan horse that turns the computer into part of a bot network.
— Computing, 25 Jan. 2007

Reflecting the spelling of its roots, the name of the scam is also fashioned SMiShing.

Now that most people are alert to suspicious e-mails and phony phone calls, text messages are the new frontier for scammers out to con you. A new "SMiShing" scam—the term for a phishing (or phone) fraud that starts with a text (also called SMS)—relies on our tendency to automatically reply to a text without a second thought.
— Consumer Reports, October 2015

And the perpetrator of smishing can be either a smisher or SMiSher.

Although it can happen any time of year, you're more likely to fall victim to smishing when you've been giving your credit cards a workout. Holiday season is prime time for smishers, according to privacy experts. How to prevent it: If you get a text alert about an account, don't respond before you verify that it’s the real deal.
— R. J. Ignelzi, The San Diego Union-Tribune, 27 Nov. 2010

One of the main strategies SMiShers use is to scare consumers into thinking they will be charged for something if they don't respond.
— Michelle Brunetti, The Press of Atlantic City, 4 Feb. 2007

The word smish or SMiSh also occurs as both a transitive verb (usually in the passive form smished) and a noun that is often used attributively.

A third client of mine received a text message from what appeared to be her bank requesting that she click on a link to their website to address a balance due on her credit card. She was apparently "smished." Her email address, telephone contact list and some personal information were compromised, requiring her to spend days changing passwords, securing her email address and warning those on her contact list.
— Barry Dolowich, The Monterey County (California) Herald, 21 Jan. 2014

What's more, criminals are clever and they make their SMiSh messages appear to be coming from a trusted source—a friend, a retail store you do business with, your bank, etc. Also, there's no easy way to preview a link in a text message as you can in an email by moving your cursor over the link. Links in text messages are often condensed URLs so you really have no idea what they lead to.
— Linda Musthaler, Network World, 7 Mar. 2013

These examples of smishing and its derivatives not only attest usage of the words but illustrate how smishing scams work. People tend to be more inclined to trust a text message that is sent directly to their personal phones than they are of an e-mail—of which people nowadays are more suspicious because of phishing's notoriety. In addition, the instantaneousness of messaging makes it more likely that a person will respond quickly without hesitating to verify a message's authenticity.

Familiarity with the word won't save you from the scam, so the next time you receive an unsolicited text message offering something for free if you act right now, you should be wary about responding. Then you can text your friends about the time you battled a smisher and won, foiling his smishing scam and narrowly avoiding the fate of being smished.

Update: This word was added in April 2023.

Words We're Watching talks about words we are increasingly seeing in use but that have not yet met our criteria for entry.