Skip to Main Content


  • Overview


    "Smishing" is the sending of text messages to cell phones to solicit personal information. The term mixes "SMS," Short Message Service technology that is used to send text messages to cell phones, with "phishing," a scheme identity thieves use to send legitimate-appearing emails to obtain personal account information. In a banking context, SMS text messages often appear to come from the victim's own financial institution and may indicate that his or her ATM card is being deactivated or has expired. The text asks the recipient to contact a phone number to reactivate the card and provide his card number, PIN and the three-digit security code. This stolen information is then used to withdraw funds from the customer's account. Smishing also can be used to send messages that include a URL, which, if activated by the victim, downloads malicious software that could allow a phone with Internet capabilities to be controlled by hackers.

    While smishing has been around for several years, it has resurfaced as yet another means to commit identity theft. Being mindful of requests for personal information of any type — and not providing it — except to legitimate companies that have a verification process is a way to protect yourself. You might check with your financial institution or visit its Web site to see what the bank's policy is about requesting personal information from you. An alert may be on the Web site explaining that your bank does not ask for confidential information over the phone without verification.

    If you are a victim of an unauthorized withdrawal from your account resulting from smishing, be aware that your financial institution may only hold you liable for an unauthorized fund transfer in accordance with the limits prescribed in Regulation E — Electronic Fund Transfer Act (EFTA). The primary objective of the law is the protection of individual consumer rights in dealing with electronic fund transfer systems. To receive the protections of the EFTA, however, the consumer must take certain steps, including notifying the bank of the unauthorized transfer of funds.

  • Who to Contact

    Who to Contact

    If you would like additional information on identity theft or you feel that your identity has been stolen, you may want to read the Federal Trade Commission's brochure, "Take Charge: Fighting Back Against Identity Theft." The publication discusses ways to prevent from becoming a victim of identity theft and steps to take if you feel you have been a victim.

  • Tips for Preventing
    • Monitor your credit reports.
    • Review your bank and credit card statements. If any unauthorized transactions are listed, follow your bank's procedures to report them immediately.
    • If you fail to receive a bill or statement, follow up with the company.
    • Never respond directly to an email or text message from your bank or credit card company.
    • Always keep your passwords confidential. Banks and credit card companies will never ask for you to disclose them.

Additional Resources

Phone Icon Contact Us