Protect yourself from smishing scams with this simple guide

6 min read

Technology makes our everyday lives easier, but it also brings some major risks. Cyber scams like smishing—that is, SMS phishing—are on the rise, so it’s more important than ever to make sure you understand how to recognize suspicious activity. Read our short guide to identifying smishing scams and learn how you can protect yourself and your loved ones from fraud.

What is smishing?

Smishing is a type of cyber attack that happens via text message, or SMS message. It’s a combination of the words “SMS” and “phishing” (a type of online scam). You might also see it written as ‘SMiShing.’ In a smishing attack, you might receive a mysterious message asking you to transfer money for an unpaid bill or to help a friend in need. Scammers might also be trying to get other personal information such as your bank details, card numbers, email addresses, and more. They’re generally interested in stealing funds, but might also be attempting identity theft. 

How does smishing work?

In smishing, cybercriminals take advantage of the fact that people are sometimes more trusting of messages they receive on their phone than messages that reach them over email. But smishing attacks can be just as dangerous as email-based ones.

Smishing messages usually use something called social engineering to get you to reply or click on a link. Social engineering is a type of psychological manipulation that taps into feelings like fear, guilt, or greed, to convince people to engage with a message. The scammer will often create a sense of urgency, prompting victims to act without thinking in order to avoid perceived risks.

Common smishing scams

A smishing attack will most often look like a message from an organization you trust. This might be your bank, the government or tax authority, the police, or an insurance company. Scammers pretend to be from these organizations since they know people are more likely to trust them.

Here are three common smishing scams to watch out for:

  1. Bank smishing—This scam tries to get you to act by saying your bank account has been hacked, when in reality, this is the hacking attempt itself.  It usually starts with a text message claiming to be from your bank. This message is designed to alarm you, perhaps telling you that your security has been breached, that there’s been an abnormally large transfer, or a new payment recipient has been added to your account. It will then encourage you to click on a link, call a phone number, or reply with your PIN or login details. Under no circumstances should you follow any of these instructions or prompts. Instead, ignore the message and contact your bank to verify your account status.

  2. Malware smishing—While not as common as bank smishing, malware smishing can be just as damaging. You may receive a text message encouraging you to download something onto your phone, like an app. This app may look like it’s from a trusted source, but it could be used to harvest sensitive data from your phone, like credit card details stored in other apps. These scams are commonplace over email, but have now been adapted for phones, too. Never download anything unless you are sure it’s from a trusted source.

  3. Money smishing—In this case, fraudsters will try to persuade you to send someone money. It might look like a plea for money from someone you know, like a friend, colleague, or family member. It could also look like a text from an important organization, like a tax collector, insurance broker, church, or the police. For these scams, social engineering plays a huge role. They’ll try to make you feel panicked or guilty, so you’ll be tempted to send money quickly before you can identify it as a fraudulent request. By the time you’ve realized the truth, the scammer may have already accessed your accounts. Be on alert for messages with these types of panic-inducing content, and know that this is usually a big indicator of suspicious activity.

How to spot a smishing scam

It’s important to take smishing scams seriously, but there’s no need to panic. There are ways to protect yourself and minimize risks. The first thing to look out for when trying to identify a smishing attack is a text from a number you don’t recognize. This text will most likely be asking you to:

  • Send money to someone

  • Click on a link

  • Download an app or software

  • Reply with your personal details, like your PIN, passwords, or email address

  • Call another unknown number

Because smishing scams use social engineering techniques, if this text message makes you feel frightened or guilty, you should be on your guard. But fear isn’t the only motivator in social engineering—if someone messages you with an offer that sounds too good to be true, it probably is. If you get a message saying you’ve won a prize or contest you don’t remember entering, don’t share any information with the sender.

How to protect yourself from smishing

We receive so many messagings that avoiding smishing scams might seem tricky, but there are ways to make it easier. Keep the following steps in mind to avoid falling prey to SMS fraud:

  • Don’t reply or interact with a text from a number you don’t recognize. If it looks suspicious, delete it straightaway. Don’t even reply with ‘STOP’ or a similar message.

  • If a text message has a link or phone number, don’t click on it. Instead, look it up separately with an internet search to see if it’s legitimate.

  • Never share your PIN, passwords, or email address by text. Your bank will never ask for these details in this way, and neither would any other credible institution.

  • Protect your phone number online. Try to avoid sharing your number on social media or public websites to prevent it from falling into the wrong hands.


Security at N26

Security is our top priority at N26. As a fully digital bank, we understand how important it is to stay safe online. We use the latest security technologies to protect your accounts such as smartphone pairing, meaning your smartphone is the only one that can access your account. Biometric authentication keeps your password secure when you log in on the go. Mastercard 3D Secure technology gives added protection to every purchase you make online, and discrete mode allows you to blur out your balance and personal info so that no one can see it but you.

If you think you’ve been the victim of a smishing attack, contact our N26 Customer Support as soon as possible. We take all potential fraud very seriously and will work to make sure your finances are safe and secure.

What is a smishing attack?

Smishing—a combination of “SMS” and “phishing”—is a type of cybercrime that takes place over text message. In a smishing attack, cybercriminals will send a text message with the intention of getting money or personal information. They might trick you into sharing your personal details or persuade you to send money under false pretenses.

What is smishing social engineering?

As you learn about smishing and other scams, you might hear the term ‘social engineering’. This is a technique that cybercriminals use to persuade you to do something by tapping into human emotions like fear, panic, guilt, or greed. For example, they might tell you that your bank account has been hacked. In your fear and hurry to protect your finances, they are hoping you will share personal details. Smishing social engineering could also mean that they contact you claiming that you won a big prize, hoping that your excitement will cloud your judgment and get you to share your money or details.

What is an example of smishing?

A smishing text often comes from an unrecognized number but not always—cybercriminals can now impersonate banks and other trusted phone numbers very convincingly. They will usually pose as an organization you trust, like your bank or the government. Smishing may involve you receiving a text claiming to be from your bank, and asking you to phone a number to confirm a new transfer. If you phone the number, the scammer will then ask for your private details, pretending to need them for security purposes. They can then use this information to hack into your account.

Why is smishing dangerous?

Smishing is dangerous because when cyber criminals have access to your personal information, they could steal your money, run up debts in your name, or even commit identity fraud. Smishing can have a long-term impact on your financial wellbeing and credit score. Your credit score can be affected if you borrow more than you can afford or miss debt repayments, which is something the scammer may do when taking control of your accounts.

What can I do if I fall for a smishing scam?

If you suspect you’ve fallen for a smishing scam, it’s important to contact your bank as soon as possible. Every bank should take this kind of fraud very seriously. For N26 customers, that means calling our N26 Customer Support team as soon as possible. They’ll take action straightaway. If you do fall victim to smishing, it might be wise to freeze your cards until the issue is sorted. With the N26 app, you can easily block your card at any time if you’re worried about suspicious activity. Then, you can easily unblock it later if necessary.

By N26

Related posts

These might also interest you
N26 logo against a turquoise background.

Voice phishing—aka vishing—is on the rise. Learn how to recognize these scams and protect yourself from fraud.

Fire extinguisher with pink smoke.

Find out how you can protect yourself against debit card fraud.

N26 Spaces on phone screen, N26 You card, keys and a glass on a table.

Want to learn more about the coronavirus’s economic impact in Europe? N26 and the ifo Institute launched a monitor to learn how the COVID-19 pandemic affected the European economy.