What is smishing and what can you do about it?

As the song goes, Christmas “is the most wonderful time of the year.” Unfortunately, it’s also the time when our security–offline or online–are at a higher risk.

While we can’t tell you exactly how you can protect yourself from offline thieves and scammers, we can share what we know about the latest modus the digital crooks have and what you can do about it.

Let’s start off with smishing.

What is smishing?

Cute as it may sound, smishing is a risky tool online thieves have been using for some time. In fact, the Philippine National Police (PNP) has an article dedicated to it warning us of its possible consequences.

Smishing is a combination of phishing and SMS.

So if you know phishing, smishing is the same thing except that it’s done via text messages. It may look like this:


Other text messages may contain links plus the message “Click the link immediately or you’ll be charged XXX.” and the sender may be a four-digit number like 5000. It’s a bit similar to the fake invoice scam.

What happens when you or your client is smished?

If the smisher is successful in getting your personal information, you may see credit accounts opened in your name or unauthorized charges on your credit or debit cards.

It’s unlike the usual fake messages we get where you’re informed that you won the raffle draw or the lottery and you have to call Atty. So and So. This shenanigan usually asks you to wire money so they can send you your “prize money.” With smishing, however, they only get your personal information, so they can charge your cards or create a new account under your name.

What should you do if you’re smished?

  • Call your bank immediately.
  • Notify PNP Anti-cybercrime Group via [email protected] or (632) 7230401 local 3562.

How do you avoid smishing and other digital attacks?

Protect your phone

According to the American Institute of CPAs, you should protect your phone the way you protect your PC–install antivirus software.

But if the smishing messages still get through, do these:

  • Don’t click on the links.
  • Don’t respond to the sender.
  • Delete the message.

Don’t be so sure

If, for example, the sender is someone you know, but the message is suspicious, verify with the sender first. If the message is from your clients, call them first. Also, inform them to do the same if they get a similar message from “you.”

We can never be so sure, especially when our country is one of the most viable targets of online theft, thanks to our growing GDP.

Unfortunately, 34% of companies surveyed said that they “have not performed proper forensics or data breach assessment,” says a survey.

This “it hasn’t happened to me, so I won’t do anything about it yet” culture is what the crooks are cashing in on.

Use only trusted platforms

We can’t stress this enough. If you haven’t heard about a product or service, do your research first–either you read reviews, ask colleagues, or call the service provider.

You may also, check the site’s certificate by clicking on the padlock icon on the address bar. It should show you something like this:

We are moving toward cloud and mobile computing, which means we are also taking on new risks. But with proper preventive measures, you and your client can rest assured that your data is protected.

Oojeema offers bank-level security to your accounting practice.