What is Smishing? How to recognise a phishing attacks via SMS

2/12/2024

In recent years, smishing attempt reports have been constantly increasing. But what is smishing? This is a cyber scam that uses SMS as the main tool to deceive victims and steal sensitive data from them. This term comes from the combination of ‘SMS’ and ‘phishing’ and indicates a fraudulent technique through which cyber criminals ‘disguise’ themselves as trustworthy senders, such as credit institutions, delivery services or well-known companies, to steal personal or banking information.  

Smishing implications for the Supply Chain

Smishing not only threatens individual users, but can also have significant repercussions on the supply chain operation. Targeted attacks on employees of Logistics or Transport companies can compromise operational security, causing delays, loss of data or unauthorised access to confidential supplier or customer information.

What does a Smishing attempt look like?

A classic example is the message that appears to come from your bank and invites you to click on a link to complete an urgent transaction or solve a problem with your account.

Rule number one: never click on that link! It is almost always a phishing message.  

Rule number two: get to know your enemy. Knowing how fraudsters operate is the first step to being able to defend yourself.  

How does an SMS scam work

Here is the typical smishing mechanism:

  1. Receive a text message with alarming tones: it may contain phrases such as “Your account has been blocked,” “You need to verify a payment,” or “Sign in now to avoid service suspension.”
  2. The link provided in the SMS is not official: the URLs are often slightly different from the real ones, with spelling errors or suspicious domains.
  3. The fraudulent site imitates the authentic one: by clicking on the link, you will be redirected to a web page that resembles the page of your bank or the indicated service. Here you will be asked to enter sensitive data such as username and password, credit card number and CVC, PIN code or OTP (One Time Password) codes.
  4. A suspicious phone call is next : after clicking on the link, you may be contacted by a fake operator who, in a professional tone, tries to persuade you to perform seemingly necessary transactions, such as authorizing payments or providing additional confidential information.

Don't trust it, it's smishing!

  • No bank or other entity will ever ask you for these details by text message or phone.  
  • Do not confirm transactions if you do not recognise the recipient.  


What to do if you have clicked on a suspicious link?  

If you have any doubt that you have fallen into the smishing trap, act immediately to limit the damage:

  1. Change the service access password: log in to your account via the official App or website and change your security credentials.
  2. Contact support: report the incident immediately and request the account to be blocked, if necessary.
  3. Provide documentation of the suspicious SMS: take a screenshot of the received message and send it to the technical support or competent organisations for further investigation.  

How to recognise an official communication?

Organisations have precise policies to ensure the security of their customers. Here are some characteristics to distinguish authentic messages from fraudulent ones:  

  • No links in SMS: institutions never include direct links in SMS communications.
  • Telephone contacts only on demand: if you receive a call without prior appointment, it is likely to be an attempt at fraud.
  • Transparency in messages: official communications never use alarmist tones or urgent requests for personal data, typical of smishing.  

Beware of suspicious refunds or payments

Another common smishing tactic is the request to confirm transactions to receive a refund. Before proceeding, always check the recipient's details: name and IBAN for wire transfers, e-mail or phone number, and seller's name forcard transactions.  

Protect yourself with Leviahub solutions

Being properly informed is the first step in avoiding scams, but it is not enough. For full protection against cyber threats that, like smishing, can also affect your company and supply chain, rely on Leviahub. Our Cyber Security solutions include:

  • Advanced data protection systems: protection of corporate systems and logistics networks.
  • Specialised consulting: to strengthen digital security and identify weak points.
  • Real-time monitoring and prevention: against fraud, phishing and smishing attacks.

Don't let cyber criminals get the upper hand. Defend your Supply Chain: Cyber Security is a key asset to ensure business continuity and partner trust. With Leviahub at your side, you can operate with total peace of mind and protection.

Remember: the knowledge power is your best ally!

Discover our Cyber Security services

You might also be interested in

The easy, full cloud, complete and integrated transport software

Read more

Sustainability, safety and innovation: the event to write the transport future

Read more

For a full cyber security audit of your systems

Read more

Leviahub ready to respond to all the needs of an evolving market

Read more

Reduce operational costs, increase delivery speed and improve overall service quality by eliminating waste.

Read more

Leviahub Spa

Headquarters: Foro Buonaparte, 71 - 20121 Milano (MI)

Tel. +39 02 611133 | info@leviahub.com

Share capital Euro 5.000.000,00i.v.

P.I. e C.F. 01233220324 | REA MI-2503338

SDI: 1YY4LRX

Privacy policy

Cookies policy

Designed by Blhack