What is smishing?

Smishing is phishing sent by SMS or text message. It often uses short links, delivery notices, banking alerts, or urgent account warnings.

Simple example

A business owner receives an SMS saying that a parcel delivery failed and that they must click a link to reschedule.

Why it matters

Text messages can be harder to inspect than email and may catch people while they are distracted or using a mobile device.

Common warning signs

  • The activity is unexpected or unusual for the business context.
  • The request or system behaviour creates pressure to act quickly.
  • Normal approval, verification, or security processes are bypassed.
  • There are signs of unauthorised access, data exposure, or system change.
  • Staff are unsure whether the request, message, or system behaviour is legitimate.

Cyber Doc view

This term should be understood in a business context, not only as a technical issue. Good protection usually combines clear processes, appropriate technical controls, staff awareness, and a calm response plan.

What to do

Proactive steps

  • Avoid clicking links in unexpected SMS messages.
  • Use official apps or websites instead of SMS links.
  • Train staff to report suspicious text messages.
  • Use MFA and password managers to reduce account takeover risk.
  • Do not approve payment or account changes from SMS instructions alone.

Reactive steps

  • Do not continue interacting with the message.
  • If credentials were entered, change the password from the real website or app.
  • Check account activity for suspicious sign-ins.
  • Contact the real provider using trusted details if money or data is involved.
  • Preserve screenshots of the message for investigation.

Related terms

  • Phishing
  • Social engineering
  • Credential theft