Posted on September 26, 2023 in Technology

Smishing (SMS Phishing)

Do you get strange solicitations for all sorts of things in your messages? Are you getting texts from email accounts, or massive group-texts to you and everyone within a couple of digits of your number?

That’s Smishing.


Phishing is the process of sending emails with dangerous, annoying links in them hoping that someone on the other end will click them. These emails can be broadly targeted or narrow, well written or not – it all depends on the person on the other end of the line. Broadly targeted emails with many people on the receiving end tend to be poorly written to weed out people who would flake out halfway through. Narrowly targeted emails aimed at individuals or specific companies tend to be much better, because they’re willing to invest the time needed to get them.

Phishing happens via email, but it comes in a variety of flavors, and setting rules such as ‘don’t click links’ and ‘don’t look at ads for services you didn’t sign up for’ can wipe a lot of the problems out. Phishing is still incredibly common, and many people (including the elderly, people who are reading in a different language than their native tongue, younger kids with email addresses, etc.) still fall for them… but where tech innovation goes, scams soon follow!

Improvement to the Tech 

There was a time when sending mass texts in hopes of securing some personal data was time consuming and expensive. There was a time when you couldn’t just send emails to a phone number or vice versa. Nowadays, all of these things have become possible. Everyone worth scamming has a smartphone. Very few plans ask users to pay per text, instead of per gig (or meg).

VOIP and assorted messaging apps all blur the lines between email, phone calls, text messages, app-based messaging services, and more. Of course, the market has encouraged this. If users have to trade apps to stay in touch with friends on a different app, they’ll generally do so. It’s in every app’s best interest to work with eachother, and most will enable users to send and receive messages with minimal issues. There aren’t a ton, but the handful in existence is plenty. Plus, Google and Outlook will allow you to direct-message phone numbers now, as long as you have the full ten digits.


Smishing, just like phishing, involves sending messages trying to get people to click sketchy links inside or engage further with the scammers. Sometimes it happens with one number sending directly to one number, or one number to many, and sometimes an email address is able to send you messages directly.

Shot-gun blast smishing, just like regular phishing, is targeting people who don’t know better than to click on strange links or respond to “adult links” texts with incoherent rage. Now that many delivery services use text messages, unsolicited texts about a meal or package delivered to the target’s house may cause them to click the link in the message without pausing for a second to think about all of the other messages they should have received beforehand. The phone is new territory, and they hope you’ll fall for it because it’s new and blends in a little better.  

There is a more dangerous version of smishing – if they know who they’re texting, and they can text coherently, getting info or clicks out of the target becomes much easier because they can custom-fit those texts to said target. If someone uses your name, you’ll assume you know them from somewhere – and a text is already so personal, it’s hard to blame people who fall for it. Shotgun blast smishing only gets the folks who were vulnerable, but a good, targeted attack could fool many more. This obviously also applies to regular phishing, but because phone numbers all look the same, and phones can be misplaced while desktops can’t really be, bluffing your way into getting ‘emergency information’ from someone is just a smidge less difficult.

Viruses are still a potential problem for phones. The only issue is that they have to be custom-made for the phone type the end user has, or else they won’t be able to successfully infect that device. While many people use their phones for their internet browsing, a great many more use their desktop for everything, and so the scammers of the past would just use the desktop virus and hope they caught something.

Smishing introduces a new angle – phone numbers will generally lead to phones, meaning that they can use that custom-made phone virus and almost guarantee themselves a win as long as the target actually clicks the link.


Unfortunately, unlike phishing calls or emails, smishing is easier to spam with and doesn’t usually require a list of preexisting emails. Think about it: a phone number has a set number of digits with ten possible placements, 0-9. An email not only has the entire alphabet on top of all of the numbers, the length varies from the shortest possible username to the longest one. You can’t simply BS your way into a working email the way you can with a phone number, you’d have to buy a list and plug it into the spam machine to send messages.

Enforcement, too, is easier to evade. If a smisher’s email gets banned, they can simply make another one by the same mechanism that makes spamming emails without a list difficult, and continue to spam phone numbers. As emails and phone numbers get blocked out, online services allows them to continue messaging. If those services get complaints about the spam? Simply make a new account there, too. Easy, fast communication is vital to many people, businesses, and services today, so all of this is easy and accessible by design.