Phishing comes with different faces

Shreenkhala Bhattarai
2 min readDec 18, 2022


Smishing is a type of cyber attack that uses social engineering techniques to trick individuals into giving sensitive information, such as login credentials or financial information, through text messages. It is a form of phishing, which is the use of fraudulent emails or websites to obtain sensitive information, but it occurs over SMS (Short Message Service) or messaging apps instead of email or the web.

Smishing attacks can be difficult to spot because they often appear to be legitimate messages from trusted sources, such as banks, government agencies, or well-known companies. The attackers may use spoofed phone numbers or mimic the language and branding of the purported sender in order to appear authentic.

Some common tactics used in smishing attacks include:

  1. Urgency: The attacker may use language that creates a sense of urgency or fear, such as telling the recipient that their account has been compromised or that they need to act quickly to avoid some negative consequence.
  2. Personalization: The attacker may use the recipient’s name or other personal information to make the message seem more authentic.
  3. Links or attachments: The attacker may include a link or attachment in the message that, when clicked, installs malware on the recipient’s device or redirects them to a fake website where they are prompted to enter sensitive information.

To avoid being discovered, many attackers automate the sending of text messages to multiple users using an email address.The following image displays a sample smishing attack. Here, the attacker poses as tha SBI Bank; reminds the user to update the ATM card and contact to the given number.If the recipient calls, they get scammed.

“Informed User is Secured User”

This communication is not from Bank. Bank does not solicit personal information through automated text messages.

In the example image above, the end user is cautious when receiving unwanted text messages from an unknown source because they are aware of the attacker’s smishing attack techniques.

To protect against smishing attacks, it is important to be cautious when receiving text messages from unknown numbers or from sources that seem suspicious. Do not click on links or download attachments from unknown sources, and do not provide personal or financial information in response to text messages or phone calls unless you are certain that the request is legitimate. It is also a good idea to keep your device’s security software up to date to help protect against malware.



Shreenkhala Bhattarai

Security Analyst at CryptoGen Nepal