Smishing

Also known as: SMS phishing, Text-message phishing

Definition

Phishing delivered via SMS or other mobile-messaging channels to trick victims into clicking malicious links, calling fraudulent numbers, or revealing data.

Smishing (SMS phishing) is a social-engineering attack that uses text messages, and increasingly RCS or messaging apps like WhatsApp and iMessage, to lure recipients into harmful actions. Common pretexts include parcel-delivery notifications, bank fraud alerts, tax-refund messages, requests to hand over two-factor codes, and toll-payment scams. Mobile context favours the attacker: links are truncated, sender IDs can be spoofed, and users are often distracted. Defences include carrier-level filtering, anti-phishing mobile clients, FIDO2 or app-based MFA instead of SMS codes, and user awareness focused on out-of-band verification of any urgent text.

Examples

  • A text claiming "USPS delivery failed — pay $1.99 redelivery fee at hxxps://usps-redeliver[.]link".
  • A fake bank alert urging the recipient to call a fraud line that asks for full card details and one-time codes.
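
As an added illustration (not part of the original glossary entry), the sketch below shows the kind of heuristic triage a message filter might apply to texts like the two examples above: it refangs the link for parsing only, compares the link host with the brand named in the wording, and flags pressure wording and call-back numbers. The brand map, weights, regexes and sample messages are assumptions constructed for this example.

```python
import re
from urllib.parse import urlsplit

# Assumption: a small illustrative map of brand name -> official domains.
BRAND_DOMAINS = {"usps": ("usps.com",), "fedex": ("fedex.com",)}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{8,}\d")
PRESSURE_RE = re.compile(r"\b(failed|urgent|immediately|suspended|now|pay|fee)\b", re.I)
CALL_RE = re.compile(r"\bcall\b", re.I)

def refang(text):
    """Undo common defanging (hxxp, [.]) so the URL can be parsed; never fetched."""
    return re.sub(r"hxxp", "http", text, flags=re.I).replace("[.]", ".")

def is_official(host, brand):
    """True if host is the brand's domain or a subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS[brand])

def triage(message):
    """Score one SMS body; returns (score, reasons). Higher means more suspicious."""
    text = refang(message)
    score, reasons = 0, []
    hosts = {(urlsplit(u).hostname or "").lower().rstrip(".")
             for u in URL_RE.findall(text)}
    # Only brand names in the visible wording count, not those inside the link.
    wording = URL_RE.sub(" ", text)
    for brand in BRAND_DOMAINS:
        if not re.search(rf"\b{brand}\b", wording, re.I):
            continue
        for host in sorted(hosts):
            if not is_official(host, brand):
                score += 3
                reasons.append(f"{brand} named but link goes to {host}")
    if PRESSURE_RE.search(wording):
        score += 1
        reasons.append("pressure or payment wording")
    if CALL_RE.search(wording) and PHONE_RE.search(wording):
        score += 2
        reasons.append("asks recipient to call a number in the message")
    return score, reasons

# Constructed samples; the first reuses the USPS example text from this page.
SAMPLES = [
    "USPS delivery failed - pay $1.99 redelivery fee at hxxps://usps-redeliver[.]link",
    "Bank alert: suspicious charge. Call +1 202 555 0143 now to stop it.",
    "USPS: your parcel is out for delivery. Track at https://tools.usps.com/go",
    "Running late, see you at 7",
]
```

A score like this is a triage signal for review or quarantine, not a verdict; real filters combine it with sender reputation and URL intelligence.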

Related terms