Smishing, or text phishing, is a cyber-attack where criminals use text messages to try to gain access to your personal information. The criminals try to convince you that the message is from a person or business you trust so you’ll give away your personal data. They will then use that information to commit identity theft.

Here are a few ways to identify a smishing attack:

  • There is a link instead of a phone number to call. Never click on a link unless you know it’s from someone you trust.
  • The message may not contain the name of the company. For instance, it may say, “your financial institution is trying to reach you.”
  • They ask for personal information such as your pin number, account number, or social security number. Never give this information.
  • They’ll often use a rouse to scare you into responding, such as saying your account has been compromised, there’s an unpaid balance that will go to collections, or that you’ve won a prize.

Now that you know how to identify an attack, here are some ways to protect yourself.

  • Protect your mobile phone by setting software to update automatically. These updates could give you critical protection against security threats.
  • Never click on any links in the message.
  • Use multi-factor authentication on all of your accounts. This way, even if someone does get a hold of your username and password, you’d still have to authorize access.
  • Back up your data and make sure those back-ups are not connected to the cloud so they cannot be compromised.
  • Report the attack to the Federal Trade Commission at