Smishing – Another Point of Entry for Cybercriminals
Read Time: 3 minutes
The next time you receive an unsolicited text message, pause before opening it. Smishing combines short message service (“SMS”) and phishing and is performed via text or social media messaging. Depending on the cybercriminal's focus and expertise, a smishing attack can trick an individual into entering their login credentials to a fake website, installing an app laden with malware, or simply responding to a text and providing their username and password. In addition to potential financial losses, a smishing attack can expose an individual’s personally identifiable information, resulting in the stress and inconvenience of identity theft.
Protect yourself
As individuals switch between personal and business devices, smishing is particularly beneficial for cybercriminals as it can unlock personal and business-related data. Anyone who uses a smartphone or exchanges messages via social media must be aware of the threat and take steps to protect themselves. Here are steps you can take:
Resist the temptation to act.
Smishing attacks urge individuals to act quickly before they can scrutinize the message and question its legitimacy. Before opening a text and interacting with it, you should pause and give yourself time to think. You should be especially wary of texts that mention security, limited offers, or legal issues, as they are often used to trigger action.
Businesses will not use texting to exchange sensitive data.
While texting is a routine activity, for security and compliance reasons, financial institutions do not use it to gather sensitive data. If in doubt, you should delete the message and contact your financial institution. If the message is legitimate and urgent, most institutions will follow up via other communication channels.
Do not store sensitive data on your device.
While many smartphones remain in an individual's possession, such proximity provides a false sense of security. Sophisticated cybercriminals can use smishing to access the data stored on any device. You should exercise caution when storing personal data on your phone. For example, you should not store complete passwords, bank account numbers, social security numbers, or any other sensitive data you wouldn’t want anyone to access.
The magnitude of the losses associated with a smishing attack depends on the attacker's skills and ability to use the data they steal. While you may struggle to delete a text message without opening it, that is often the safest way to act.
12024 State of the Phish, Proofpoint
Copyright © 2025 ABA Retirement Funds - All Rights Reserved.
Please read the Program Annual Disclosure Document (April 2026) carefully before investing. This Annual Disclosure Document contains important information about the Program and investment options. For email inquiries, use: contactus@abaretirement.com and include your 6-digit plan number.
Voya Financial® and ABA Retirement Funds are not affiliated and are not responsible for the products and services provided by the other.