Smishing/Tishing: What To Look Out For

by Jonathan Smith

Fraud Operations Manager, CFE


What Is Smishing?

In the fast-paced world we live in, Short Message Services (SMS) have become an easy and convenient way to share information quickly. Commonly referred to as a “text message”, SMS was first thought of in the early '80s, experimented with in the '90s and became mainstream on most mobile phone devices by the mid 2000s. The premise was and still is, to send a short message that is less than 160 characters for quick communication.

Today, text messaging is a standard communication in society. It is used to distribute information to large groups, quick messaging between friends and family, and for two-factor verification of authenticity to fight against fraudsters attempting account compromise or takeover.

While this tool is very effective when used correctly, we have seen many instances of text messages used to defraud individuals of their hard-earned income. This type of fraud is usually called “Smishing” or “Tishing” and is like Phishing but related to Short Message Services and Texting. Most commonly, fraudsters will send out text messages to members pretending to be from a legitimate organization such as the Internal Revenue Service (IRS), Social Security Administration, or even another bank or credit union.

What Does A Smishing Text Message Look Like?

This graphic is explained below.

Smishing Text Message Example.

These text messages can include directions to call a number and speak with a representative pretending to work for the agency or institution. Often the fraudsters make the message seem urgent, stating the member's account was “compromised by fraud and needs immediate action before the account is closed by a representative.” These claims are false and are another attempt by fraudsters to get members to cooperate with their scams.

More recently, fraudsters may include a hyperlink in the text message to a fake website or domain in an attempt to gain access to a member's end-user device, such as a mobile phone or iPad. Members should use extreme caution when using hyperlinks via text messages or emails. Hyperlinks can contain embedded software giving virtual “consent” or even tracking software that is downloaded to a phone or device, both of which commonly can happen without the member's knowledge.

Many a public service announcement has been sent out from Federal Agencies, utility, technology, and e-commerce companies stating they will not attempt to collect funds from individuals via text messages.

2 Key Things To Remember To Protect Yourself:

  • Coastal will never attempt to solicit member's personal identifiable information (PII) or account information through a text message.
  • Think twice before willingly providing information through these channels and always attempt to verify information before giving access, especially to individuals who seem urgent or in a hurry.

Looking For More Fraud Protection Tips?

At Coastal, we will keep you informed 24/7 about the latest risks so you stay vigilant in the fight against fraud.

Latest Fraud Tips & Updates


Back To All Articles

Social Blog Features

Blog Cross Promotions

Coastal's Fraud Prevention Tools

The fraud and security tools you need, right at your fingertips!

Learn More

You Also May Be Interested In

Member Tips
Phone Scams On The Rise
Read Article
Next Step in Ransomware Prevention
Read Article
3 Types of Imposter Scams to Watch Out For
Read Article