smishing also SMishing

the criminal activity of sending text messages to people in order to persuade them to give personal information such as credit card details, personal identification numbers (PINs), etc

There's a familiar, brief buzz or tinkle of your mobile phone – you've got a text message. But how can you be absolutely sure who sent it, or whether the sender is who they say they are? The fraudsters have used this uncertainty, and the fact that very few text messages are blocked by mobile phone networks, to champion the rapidly emerging ruse of smishing – the practice of persuading people to divulge important personal information by sending them a text message.

smishing usually takes the form of messages which try to force the recipient to respond immediately

Understanding the concept of smishing is best tackled by looking at the two words blended to create the term – SMS and phishing. SMS stands for Short Message Service and refers to the technology used for text messages on mobile phones. Phishing is the criminal activity of persuading people to give out personal information by directing them to a fake website (purporting to be a bank, credit card company etc) which requests updated information from them. Smishing represents a combination of the two – requesting someone's personal information by sending them an unsolicited text message (SMS). Correspondingly, smishing has a partially capitalised variant SMiShing.

Evidence suggests that smishing is on the increase, and it's not difficult to see why – it appears to be much simpler to disguise the real source of a message when it's in the form of a text rather than an e-mail. In an e-mail, it's much easier to pick-up on wrong or misspelt words, incorrect or dubious "from" addresses or dodgy hyperlinks. Text messages are however, by their very nature, brief, abbreviated, and normally only glanced at rather than carefully read. Furthermore, whereas many phishing attempts are now blocked by ISPs and spam filters, and often never reach their intended targets, there is as yet no similar mechanism for moderating SMS messages.

Smishing usually takes the form of messages which try to force the recipient to respond immediately, for example by warning that they'll be charged for a particular service if they don't cancel or complete a transaction by handing over certain personal details. Victims will typically be directed to a fake website to enter their details, or prompted to make a call to a human operator who will encourage them to disclose information over the phone.

Background – from vishing and phishing to smishing

Smishing as a blend of SMS and phishing was coined in 2006 by David Rayhawk in a McAfee™ blog (McAfee Inc. is a California-based company specialising in antivirus and Internet security software).

Following the derivational pattern of phishing before it, perpetrators of smishing are described as smishers. A related transitive verb, usually in the passive form, is used to describe what happens to victims, who are said to have been smished. There is also some evidence for a countable noun smish, which, like phish, refers to the fraudulent message itself.

An earlier spin-off of the term phishing is vishing. Formed from a blend of phishing and voice, vishing refers to the practice of enticing victims to verify their details by making a phone call. Vishing scams operate both through e-mail and Internet-based telephony or VoIPing, where a recorded message tells a person to call a particular number and submit their details.