SMS phishing (smishing) uses text messages to trick you into clicking malicious links, calling fake support numbers, or revealing sensitive information. Attackers exploit the trust we place in text messages and the urgency of mobile notifications.
How to protect yourself from smishing
1. Verify the sender number. Legitimate companies usually send messages from recognizable short codes or official numbers. Be suspicious of random phone numbers, especially those with unusual area codes.
2. Don't trust caller ID. Attackers can spoof phone numbers to make messages appear to come from banks, delivery services, or government agencies. Always verify through official channels.
3. Be cautious of urgent requests. Messages demanding immediate action ("Your account is locked! Click now!") are red flags. Legitimate companies don't pressure you to act immediately via text.
4. Never click links in unexpected texts. Even if the message appears to be from a company you use, go directly to their website or app instead of clicking the link in the text.
5. Don't reply to suspicious messages. Replying confirms your number is active and may result in more spam or phishing attempts. It might also give the attacker your location. Simply delete suspicious messages and report them if a reporting option is available.
6. Verify through official channels. If a message claims to be from your bank, delivery service, or another company, contact them directly using a phone number or website you know is legitimate.
Attackers use various tactics to make their text messages appear legitimate:
- Fake package delivery alerts: Texts claiming you have a package waiting or that delivery failed, with a link to "track" or "reschedule" delivery.
- Bank account alerts: Fake messages claiming suspicious activity, account suspension, or verification needed, directing you to a malicious website.
- Prize & giveaway scams: Messages claiming you've won a prize or gift card, requiring you to click a link and provide personal information to claim it.
- Two-factor authentication (2FA) bypass: Texts asking you to confirm a login attempt or provide a verification code, designed to steal your account credentials.
- Fake tech support: Messages claiming your device is infected or your account needs immediate attention, directing you to call a fake support number.
- Subscription traps: Texts offering free trials or services that enroll you in expensive recurring charges when you click the link.
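For teams that triage texts reported by users, the red flags and lure types listed above can be turned into a first-pass check. The following is an added example, not part of the original page; the function name `triage`, the keyword patterns, the 5-6 digit short-code rule, and the sample messages are all assumptions made for illustration.

```python
import re

# Lure categories taken from the list above; the keyword patterns are illustrative assumptions.
LURES = {
    "package_delivery": r"\b(package|parcel|delivery|reschedule|track(ing)?)\b",
    "bank_alert": r"\b(bank|account (is )?(locked|suspended)|suspicious activity|verify your account)\b",
    "prize_giveaway": r"\b(won|winner|prize|gift ?card|claim)\b",
    "2fa_code_request": r"\b(verification code|one[- ]time code|confirm (this|your) login)\b",
    "tech_support": r"\b(infected|virus|tech(nical)? support|call (us|support))\b",
    "subscription_trap": r"\b(free trial|subscription|renew(al)?)\b",
}
# Red flags from the protection steps above.
URGENCY = re.compile(r"\b(now|immediately|urgent|within \d+ ?(hours?|minutes?)|final notice)\b|!", re.I)
LINK = re.compile(r"(https?://|www\.)\S+|\b[\w-]+\.(com|net|org|info|top|xyz)/\S*", re.I)
PHONE_IN_BODY = re.compile(r"\+?\d[\d\s().-]{8,}\d")
SHORT_CODE = re.compile(r"^\d{5,6}$")  # assumption: short codes are 5-6 digits


def triage(sender, body):
    """Return red flags and matched lure categories for one reported text."""
    flags = []
    # A short code is only a weak signal: sender IDs can be spoofed.
    if not SHORT_CODE.match(sender):
        flags.append("sender_not_short_code")
    if LINK.search(body):
        flags.append("contains_link")
    if URGENCY.search(body):
        flags.append("urgent_language")
    if PHONE_IN_BODY.search(body):
        flags.append("callback_number_in_body")
    lures = [name for name, pat in LURES.items() if re.search(pat, body, re.I)]
    # A known lure plus a link or callback number is the combination the advice says not to act on.
    risky = bool(lures) and any(f in flags for f in ("contains_link", "callback_number_in_body"))
    return {"flags": flags, "lures": lures,
            "verdict": "suspicious" if risky else "no_strong_indicator"}


# Constructed sample messages (not real traffic).
SAMPLES = [
    ("+15550100123", "Delivery notice: your package could not be delivered. Reschedule now: http://example.test/track"),
    ("+15550100456", "Your device is infected! Call support at +1 555 010 0199 immediately."),
    ("24680", "Your appointment is confirmed for Tuesday at 3pm."),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        print(sender, triage(sender, body))
```

Keyword rules like these only prioritize reports for review; a message with no matches can still be malicious, so verification through official channels remains the deciding step.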