Smishing (SMS phishing)
Phishing delivered via SMS text message. Mobile-targeted attacks that exploit the trust placed in text messages.
Smishing is phishing over SMS. The classic patterns: "Your USPS package is held — pay $1.99 to reschedule", "Your bank detected fraud — tap here to verify", "You have a refund pending — confirm your details".
Smishing is effective because most SMS clients don't show the full URL, and people tend to act on text messages faster than on emails. Mobile-only links bypass corporate URL-filtering gateways that only inspect email.
Defensive habit: never tap a link in a text message claiming to be from a service you use. Open the app or website manually instead.
Example
"USPS: We have a package waiting. Pay $1.99 redelivery fee: usps-redelivery.xyz/track"
Related terms
Phishing
Fraudulent attempt to steal credentials or money by impersonating a trusted entity, usually via email or a fake website.
Vishing (voice phishing)
Phishing carried out over a phone call, often using spoofed caller ID and urgency tactics.
Quishing (QR phishing)
Phishing that uses a QR code to deliver a malicious URL — bypasses many corporate URL filters.
Got a URL you're unsure about?
Paste it into our free scanner — verdict in seconds, 10+ threat-intel sources.
Scan a URL →