What is smishing & how to protect your business and customers

You are probably familiar with SMS phishing scams that encourage you to click on a malicious link or send personal details that scammers can use to steal money. Scammers today are very good at impersonating businesses, and it can often be difficult to tell whether or not an SMS is coming from a company you trust or a scammer. Luckily, there are ways to defend and protect against smishing.

In 2021 the Federal Trade Commission logged 378,119 fraud complaints about unwanted text messages, including smishing attempts. A scammer can target anyone, but those unaware of how to protect themselves are at a higher risk of falling for the scam. According to a MEF report from 2017, there are 14 types of frauds that scammers can do within business messaging, and smishing is one of them. There are, in turn, many different types of smishing scams, including fake customer support questions, delivery notifications, invoice confirmations, password resets, two-factor authentication, and gift card offers.

So, what can a scam lead to? Scammers want to receive personal information from the receiver, such as account usernames and passwords, Social Security numbers, date of birth, credit card numbers, PIN codes, or other sensitive information. After coming across this sensitive information, scammers use it to carry out crimes like identity theft and financial fraud. 

How to identify a scam

To protect yourself from smishing scams, it's important to be cautious when receiving text messages from unknown or unverified sources. Here are a few tips for identifying a smishing scam:

  1. Think twice before opening a text message from an unfamiliar sender.
  2. Check the spelling, language, and URL of the message. Scammers may use fake URLs or misspell words to trick you. For example, if the sender directs you to a page on our website, the URL should be www.lekab.com and not www.Iekab.com (notice the I instead of an L)
  3. Look at the phone number. The first few numbers can reveal the country the message is coming from.
  4. If you are using a rich messaging app like RCS, WhatsApp or Facebook Messenger, look for a verified badge above the message thread (see the green badge below). This indicates that the sender has been authenticated by the app.

Verified sender

Even though smishing translates to SMS phishing, this type of fraud is not limited to SMS messages. Scammers may also use other messaging channels, such as WhatsApp or Facebook Messenger, to send phishing messages. To stay safe, use the same caution and scepticism when receiving messages on these platforms as you would with SMS messages.

Smishing messages often urge the receiver to do some­thing as soon as possible and have an element of urgency. But you should not be fooled by that. Instead, take your time to investigate whether the message is authentic and do not do anything a suspicious message asks you to do. That is the rule to follow. 

How to protect and defend from a scam

Scams can have serious consequences for companies, including loss of customers, legal costs, and intellectual property theft. To prevent these types of losses, it's important for companies to educate their customers about how to identify and avoid scams, particularly those that involve smishing.

Here are a few steps that companies can take to protect and defend against scams:

  1. Communicate with customers about the types of information and requests that your company typically includes in text messages. This can help customers verify the authenticity of a message.

  2. Listen to customer complaints about scammers pretending to be your company, and take the necessary actions to prevent similar complaints in the future.

  3. Inform customers about the sender ID that your company uses, so they can verify that a message is coming from your company.

  4. Be extra cautious during high-traffic shopping periods, such as Christmas and Black Friday (DI). PostNord in Sweden was, for example, recently hit by an extensive smishing campaign during the Christmas shopping (Aftonbladet).

At LEKAB, we actively work to protect your company's messaging traffic and take the necessary actions to ensure you and your customers a risk-free messaging experience. 


LEKAB provides mobile messaging services, messaging APIs and software for advanced messaging and process automation. We offer digital tools and solutions to companies that want to optimise how they communicate and interact with customers and employees on the mobile to improve productivity, availability and the customer experience through mobile channels. Do you want to know more or ask us for advice? Contact Us!

I want to know more

If you suspect that you have received a smishing scam, do not respond to the message or click any links. Instead, report the fraud to the authorities and protect yourself and your personal information. This may include changing your passwords, monitoring your accounts for unusual activity, and being vigilant about the types of messages you receive in the future.