
How Businesses Can Protect Against Smishing

Most businesses and individuals are familiar with phishing, which entails cybercriminals leveraging fraudulent emails to manipulate recipients into sharing sensitive information, clicking malicious links or opening harmful attachments. While these scams remain a pressing concern, a new form of phishing—known as smishing—has emerged over the years.


Smishing relies on the same tactics as phishing. The sole difference between these tactics is that smishing targets victims through text messages rather than emails. If a recipient is tricked into doing what a smishing message asks, they could unknowingly download malware or expose sensitive information. Since employees may use their smartphones for work-related tasks, smishing has the potential to impact businesses as well. For example, someone who falls for a smishing scam could inadvertently give a cybercriminal access to their workplace credentials, allowing the criminal to collect confidential data from the victim’s employer and even steal business funds.


Here’s what businesses can do to minimize smishing exposures and prevent related cyber incidents:

• Provide training. It’s best for businesses to conduct routine employee training on smishing detection and prevention. This training should instruct employees to watch for signs of smishing in text messages (e.g., lack of personalization, generic phrasing and urgent requests), avoid interacting with suspicious messages in any capacity and report such messages to their IT departments.

• Ensure adequate bring-your-own-device (BYOD) procedures. Businesses should establish solid BYOD procedures to ensure employees act appropriately when utilizing their smartphones for work-related purposes. These procedures may include using private Wi-Fi networks, implementing multifactor authentication capabilities and conducting routine device updates.

• Implement access controls. By allowing employees access only to the information they need to complete their job duties, businesses can reduce the amount of data or funds that cybercriminals are able to compromise in a smishing incident.

• Utilize proper security software. Businesses should ensure that company-owned smartphones are equipped with up-to-date security software. In particular, smartphones should possess antivirus programs, spam detection systems and message-blocking tools.

• Purchase sufficient coverage. It’s vital for businesses to secure proper cyber insurance to protect against potential losses stemming from smishing incidents. Businesses should consult trusted insurance professionals to discuss specific coverage needs.
