Skip to main content

What is a Smishing Attack?

Home » Blog » What is a Smishing Attack?

We’ve all heard of phishing attacks, but hackers are using a similar SMS-based approach known as “smishing” to infect devices with malware and steal data, and it’s becoming more common, according to recent research.

The allure of free money and gifts is difficult to resist, and scammers know this. It is not uncommon for smishing messages to bait victims with the promise of refunds, bank account adjustments, or tax refunds. In broader attacks, spammers may even claim you have won or are eligible for a contest or prize. Unsolicited messages of this kind are usually a dead giveaway for smishing schemes.

What is Smishing?

Smishing is a newer tactic employed by cybercriminals. In principle, smishing scams have the same goal as phishing emails: get users to click a scam link in order to steal information. In this example, a user was sent a malicious text, supposedly from the Bank of Montreal.


Most smishing attacks work this way: hackers send the target a text that appears to be real. The text includes a link that will take the visitor to a phony but plausible page that will instruct them to download a malware-infected software installation. In the instance of Roaming Mantis, the virus hides behind harmless code that anti-malware software may miss.

Hackers embed malware in smishing SMS, but it’s not the only thing they do. The texts may also contain links to fake login pages that steal private account information, spam them with malicious ads, or simply ask them to reply with other important information like bank card details, social security numbers, or driver’s license numbers, depending on which company the hackers are impersonating.

Whatever the situation may be, the hackers have gained remote access to your device, accounts, and/or personal information. They can then steal your credit card information, compromising images, and any other information you’ve saved.

How to Avoid Getting Smished

To avoid falling for a smishing scam, never click links in a text message or respond to automated phone calls. Unless you were the one who initiated the call with a trusted source (e.g., calling a known customer service number or reaching out to a bank using the number listed on their website), you should never share personal information over the phone. If you ever feel uncomfortable with the questions someone is asking you over the phone, tell them. If it’s a genuine company, they should be able to provide different methods for contacting them, including setting up an in-person meeting at a legitimate place of business.

Expert Advice from Wedgwood Insurance

There’s more to insurance than the price of the policy and Wedgwood goes above and beyond for our clients with expert advice you can trust, but don’t take our word for it. There’s a reason we’re Newfoundland & Labrador’s most trusted insurance broker.

With over 200 Google My Business reviews, come experience the Wedgwood difference with expert advice from our dedicated team. We work to ensure that every client has the coverage that best suits their needs through upfront complimentary consultations and midterm reviews.

Contact Us

  • This field is for validation purposes and should be left unchanged.

Author Jamie Ross

Jamie Ross leads the Marketing and Communications team at Wedgwood Insurance, renowned as one of Atlantic Canada’s premier independent insurance brokers. Bringing a wealth of experience amassed over many years at some of Canada's most esteemed advertising agencies, Jamie transitioned to the insurance industry in 2017. This pivotal move has marked a period of significant professional growth and contribution to the field. A native Nova Scotian, Jamie has been a resident of St. John's, NL, since 2011, where he has become an integral part of the local community. Learn more about Jamie.

More posts by Jamie Ross
Skip to content