
The Threat Landscape: SMiShing
On your way to work, you drive through an E-Z pass toll lane. Days or weeks later, you get a text that informs you of an E-Z pass toll violation! The text says that if you don’t click the link and pay your toll, you will incur additional late fees. What will you do?
Scenarios like the one detailed above happen daily. This is just one example of how smishing attacks are on the rise. Cybercriminals are evolving as threat vectors increase and change, which requires us to use critical thinking to avoid falling victim to their traps. Time and circumstance can make their scams appear quite realistic. This, in combination with progressing techniques, means that any of us could, in the right situation, click that link. With the threat landscape looming, how can you stay secure? Let’s discuss and refresh some good practices together.
Verification: How to
The most important step is verification. Always verify a text message from an unknown sender before you trust it. If a message claims to be from a government agency, you can contact that agency directly by using the official number from their verified website. For example, if you get a message like the one above, you can contact your local tolling agency to see if the message was legitimate. This way, you ensure you are contacting the official company or agency and asking the right questions before you click on any unsolicited links. If you cannot verify the message, do not click or engage.
Identification: 4 Signs
Verification is certainly the main way to remain secure. However, if you are not certain whether the text is a smish before verification, there are a few things you can keep an eye out for:
- First, there will be pressure to act in the moment.
- Second, scammers will pretend to be from an agency or company that you know to build trust. You can see this when cybercriminals impersonate Amazon or other known entities.
- Third, scammers will likely say there is a problem or a prize if you act.
- Fourth, they will tell you to pay in a specific way, such as via the included link.
With so many threats and cybercriminals existing today, it can be difficult to remain secure. This is one reason education on these topics is so vital. We commend you for your commitment to that cause and encourage you to share this article on smishing with your family and coworkers. Keep in mind that verifying the validity of a message is the most important step in not falling for a scam. If you have trouble with this step, remember our 4 points for identifying a scam: 1) there will be pressure to act, 2) they may imitate a known entity, 3) there will be a problem or prize, and 4) they will tell you to pay in a specific way. For more information on smishing or other scam vectors, check out social-engineer.com. Stay safe!
Written by
Shelby Dacko
Human Risk Analyst, Social-Engineer, LLC
*** This is a Security Bloggers Network syndicated blog from Security Through Education authored by Social-Engineer. Read the original post at: https://www.social-engineer.org/social-engineering/the-threat-landscape-smishing/