Protecting yourself, Research, regulation, industry reports

Phishing, vishing and smishing, oh my!

Emily Crone

Originally, text messages were used to send notes to friends while stuck in class or to tell someone something brief. Then they became a way to vote in reality television hits and win prizes with game shows. More recently, as my colleague Connie Prater reported in a blog, debt collectors are beginning to e-mail and text debtors who dodge phone calls. Now, the most recent group behind text messaging: identity thieves.

The recently-coined term for this is — hold back the laughter — “SMiShing.”  The word is a combination of “phishing” and Short Message Service (the technology used to send texts). Phishing happens when identity thieves send e-mails that appear to come from a respected company, such as a bank, asking for personal or financial information. Vishing is when identity thieves attempt to collect personal information through phone calls with Voice over Internet Protocol. Now, we have smishing.

Smishing has been around for a few years, but now that identity theft is becoming increasingly prevalent and recent reports of smishing are surfacing, it is vital for consumers to be aware it exists, and to know to ignore it.

Fox Channel 2 in St. Louis just reported that consumers in the St. Louis area have been receiving text messages on their cell phones that appear to be coming from Arsenal Credit Union. Instead, these messages are being sent by identity thieves. The messages ask readers to provide information about their bank account, debit card and credit card numbers, so Missouri Attorney General Jay Nixon has put out a warning to consumers.

Earlier this month, the Web site of the Washington State Office of the Attorney General added information about three new identity theft scams — one involving text messaging. Here’s what happened: A text message in Spanish was sent to the cell phone of an elderly woman. The message provided a phone number and asked that she call them immediately, so she did. She was told she had won something and was asked for her personal information to confirm her identity. The woman’s daughter was in the room and suspected foul play, so she ended the phone call.

After citing that incident, Washington’s Attorney General’s Web site also says, “Smishing messages sent to mobile phones often contain links to Web sites where victims are prompted to enter personal information or download dangerous software.”

Unless it’s a debt collector who can’t otherwise get in touch with you or a business you signed up for text messages with, no legitimate company should contact you via text message. If they really need to get in touch with you, they’ll call you. And even then, be wary — most often, if someone calls you wanting personal information, hang up, look up the customer service number for the company that person claims to be with, and call them to determine if your information really is needed. You’re always better safe than sorry.

Join the Discussion

We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, we ask that you do not disclose confidential or personal information such as your bank account numbers, social security numbers, etc. Keep in mind that anything you post may be disclosed, published, transmitted or reused.

The editorial content on is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company's business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.

  • Charlie

    I have rec’d a phishing email from the U.K. do you want me to forward to you??