Kathleen Biesiadecki

Phishing and Smishing Attacks: Stay One Step Ahead to Protect Yourself


Key Takeaways:

  • Phishing can occur through various channels, including email, text messages, or social media platforms.

  • Approach unsolicited messages with caution, especially if they create a sense of urgency or fear. Take the time to verify the sender's identity through other means, such as a phone call, rather than responding to the message.

  • Avoid clicking on links in unsolicited messages, especially those requesting personal information.

  • Verify the authenticity of the message through the official website or direct contact with the organization.

As the end of Cybersecurity Awareness Month approaches, our commitment to safeguarding digital landscapes and fortifying defenses against cyber threats continues to take center stage (read last week's blog here). Technology has become an integral part of our lives, and the threat of cyberattacks continues to grow. It is no longer “if” you will get hacked, but “when,” so knowing how to minimize your risk is essential. In the final part of our cybersecurity series, we focus on what phishing and smishing are, how they work, and most importantly, how to protect yourself from becoming a victim.

Understanding Phishing and Smishing

Phishing and smishing attacks are two common tactics used by cybercriminals to deceive and manipulate individuals into revealing sensitive information, sometimes called PII (Personally Identifiable Information), or executing harmful actions. Cybercriminals impersonate trusted individuals or institutions, tricking the recipient into divulging personal or confidential information, like bank account information, social security numbers, login credentials, etc. These attacks can occur via email, text messaging, or on social media platforms.


Relatively new to the cybercrime world, "smishing" (a blend of “SMS” and “phishing”) involves the use of text messages to deceive individuals. Fraudsters impersonate a trusted individual or institution and typically ask you to take specific actions, such as clicking a link, replying to the message, or calling a number. Phishing and smishing share a number of common characteristics, such as:

  • Emails or text messages will appear to be from legitimate sources like banks, government agencies, or well-known companies.

  • Urgent or threatening language is meant to create panic and spur immediate action.

  • Links that lead to fake websites where you’re asked to provide sensitive information.

  • Attachments may contain malware or viruses that can infect your device.

Protecting Yourself from Phishing and Smishing Attacks

1. Be Skeptical. Always approach unsolicited messages with caution. Cybercriminals rely on urgency and fear to trick you. We’ve all heard stories about someone falling prey to a cybercriminal pretending to be a family member in crisis, needing funds wired right away, unreachable by phone, etc. If you’re unsure or something doesn’t seem right, take a moment to verify the sender’s identity with a phone call; don’t respond to the original message.

2. Don’t Click on Suspicious Links. Never click on links from unsolicited messages, especially those that ask for your personal information. If you receive a message claiming to be from your bank or a familiar service, visit their website or contact them directly to confirm its authenticity.

Example of what a fraudulent email may look like.

3. Double-Check the Sender. Scrutinize the sender’s email address or phone number. Even if the message seems legitimate, ensure that the contact information matches the official details of the organization it claims to be from. Fraudsters are very clever, usually only changing one letter in an email address or copying and pasting an official logo. I often tell clients, and my parents, that Microsoft, the IRS, and your bank, to name a few, are not going to contact you via email or text to update your information. Check out the email below "from" Candace. Can you spot the tells that might indicate this is not a legitimate email? (Answers below.)

4. Secure Your Personal Information. Avoid sharing sensitive information like social security numbers, passwords, or credit card details via text messages or emails. Legitimate organizations will never request such information through those channels.

5. Enable Two-Factor Authentication. As we discussed in our Digital Defense 101 post, whenever possible, enable two-factor authentication (2FA) for your accounts. This adds an extra layer of security, making it more challenging for cybercriminals to access your accounts.
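The sender check in step 3 can be automated. The following is an added example, not part of the original post: it flags a From: address whose domain is a near miss of a domain you trust, such as the one-letter change described above. The allow-list, the sample headers, the substitution table and the distance threshold of 2 are all assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list (assumption): domains you actually do business with.
TRUSTED_DOMAINS = {"examplebank.com", "example-wealth.com"}

# Digits often swapped in for look-alike letters.
LOOKALIKE_CHARS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(domain):
    """Fold common visual substitutions so 'examp1e' and 'exarnple' match 'example'."""
    return domain.translate(LOOKALIKE_CHARS).replace("rn", "m")


def check_sender(from_header, trusted=TRUSTED_DOMAINS):
    """Return (verdict, detail) for the address in a From: header."""
    _display_name, address = parseaddr(from_header)  # display name proves nothing
    _local, at, domain = address.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not at or not domain:
        return ("suspicious", "no sender domain")
    # Exact match or a real subdomain of a trusted domain.
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return ("trusted", domain)
    for t in sorted(trusted):
        near_miss = edit_distance(domain, t) <= 2      # one or two letters changed
        same_look = normalize(domain) == normalize(t)  # digit or 'rn' substitution
        embedded = t in domain                         # trusted name inside another domain
        if near_miss or same_look or embedded:
            return ("lookalike", t)
    return ("unknown", domain)


# Constructed sample headers, not taken from any real message.
SAMPLES = ["Example Bank <alerts@examplebank.com>",
           "Example Bank <alerts@examp1ebank.com>",
           "Example Bank <alerts@examplebank.com.account-verify.example>"]
if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header))
```

A verdict of "unknown" only means the domain is not on your list; it is not a sign that the message is safe, and a "trusted" domain can still be spoofed, so the phone-call verification in step 1 still applies.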


Phishing and smishing attacks are deceptive and can have dire consequences if you fall prey to them. However, with vigilance, skepticism, and a commitment to best practices, you can greatly reduce your risk of becoming a victim. Remember, always be cautious when dealing with unsolicited messages or requests for personal information across all digital platforms.

Example of what a fraudulent email may look like, pointing out mistakes a fraudster may make.

At Novi Wealth Partners, we do our best to keep our clients aware of the varied and constantly changing digital landscape because we know education is one of the best ways to protect yourself against cybercrimes. We hope you've enjoyed our cybersecurity awareness blog posts and encourage you to share these posts with your friends and family.

