Skip to main content

One Step Ahead: Beware of “Smishing”—Phishing via SMS Text Messages

Another tip in a series provided by the Offices of Information Security, Information Systems & Computing and Audit, Compliance & Privacy

It’s important to be cautious of not only suspicious emails, but also unusual text messages. Like phishing emails, “smishing” is an unusual text message that lures you into sharing confidential information or installing malware on your mobile device simply by clicking a link. A malicious text message may try to solicit your sensitive information as a method of verification. The fraudulent text message might impersonate your bank, claiming your account was compromised, and urge you to click on a link or respond in a text message to verify your account access information. 

In some cases, you could be asked to call a phone number (which may or may not be legitimate) to verify account information.

Protect your data and accounts from smishing theft by following best practices.

Respond carefully to text messages:

  • Banks and financial institutions will never ask for your account information in a text message, so don’t provide it! 
  • Use caution when responding to, or clicking links in, text messages.
  • Contact your financial institution directly using the contact information you have on file, not potentially bogus information provided to you via text.
  • Be on guard when a smishing message carries a sense of urgency. Some text messages implore you to act within a limited time of 24 to 72 hours or less.

Minimize vulnerabilities on your mobile devices:

  • Update your phone and browser’s software regularly.  
  • Avoid storing sensitive information on your phone.
  • Back up the information stored on your mobile device. 
  • Erase your information from old mobile devices before discarding. Contact your IT support staff on how to securely and irretrievably erase information from your mobile devices. 

Always contact your school/center IT support staff for assistance. If you cannot reach your IT support staff, contact the Information Security Office with your questions at security@isc.upenn.edu

For additional tips, see the One Step Ahead link on the Information Security website: https://www.isc.upenn.edu/security/news-alerts#One-Step-Ahead.

Back to Top