« What do your clients really want? Ask! | Main | Technically, your planning practice could be better »

Smishing – what you need to know


This blog was updated as of 10/16/2019.

When I first saw the word smishing, I assumed it was some new lingo the kids came up with to further stump us adults. But then again, this is coming from someone who didn’t know what ‘on fleek’ was until it was no longer cool to use. (It’s okay if you still don’t know what that means.) 

Jokes aside, smishing is a very serious matter – and since October is Cybersecurity Awareness Month, now is the perfect time to discuss it. 

What is smishing? 

According to Experian, a credit reporting bureau in the U.S., smishing is yet another tool used by cybercriminals to obtain personal information and steal identities. You’ve probably heard of ‘phishing,’ which is an attempt to get people to provide sensitive information via email, like credit card numbers or passwords. Smishing is a mash-up of SMS (short message service) and phishing. 

Basically, it’s phishing via text. The fraudsters use malware to send an SMS, and once someone downloads the link, the malware is activated, tricking people into sharing sensitive information. 

What are some examples of popular smishing scams? 

We’ve all encountered phishing scams like “I’m a prince and I want to wire $10 million to you, all I need is your bank account information,” or “If you click this link you will get rich quick!” But these SMS scam messages can be more difficult to spot. Here’s one example from Experian: 






















Another example might be a text saying that if you fail to click on the link and provide personal information, whatever company they’re pretending to be will start charging daily for the service. Delete these immediately. 

How can you disrupt fraudsters trying to smish you? 

I spoke to Rod Griffin, director of public education at Experian, and he suggests treating your phone like a PC. On a PC, you have antivirus software to prevent fraudsters gaining access to your computer. Since your phone does pretty much everything your PC does, if not more, why not purchase antivirus software for that as well? Don’t let the fraudsters out-tech you. And, of course, never click on suspicious links that come in via text. 

To make sure you haven’t been recently smished, check your credit report regularly to see if any suspect accounts have been opened in your name. 

While fraudsters are always coming up with new scams, there are plenty of steps you can take to keep yourself, your organization and your clients safe. Knowledge is power, so your first move should be to take our quiz on the fundamentals of cybersecurity. You can also register for our Cybersecurity in 2020 webcast on October 30 at 12pm ET, which offers a wealth of information and the opportunity to earn 1 free CPE credit.  

We’ll be providing helpful updates throughout Cybersecurity Awareness Month, so keep checking back atthe AICPA’sCybersecurity Resource Center tward off smishers and keep your digital defenses on fleek. 

Samantha Delgado, Communications, PR & Corporate Responsibility, Association of International Certified Professional Accountants


Comments are moderated. Please review our Comment Policy before posting.


Subscribe in a reader

Enter your Email:

CPA Letter Daily