Smishing (SMS phishing) has overtaken email phishing for some demographics because people trust text messages more and read them faster. Over 70% of people click links in texts without verifying the sender. This guide helps you catch smishing before it catches you.
Got a suspicious text?
Paste it here — our AI detects smishing patterns and verifies if the message is legitimate.
No signup · 6 detection layers · Results in seconds · Cmd+Enter
Banks, delivery companies, and government agencies use dedicated short codes or identifiable numbers. A text about your bank account from a random 10-digit number is suspicious. Legitimate organizations typically send from short codes (5-6 digits) or identified sender names.
The golden rule of text safety: never click links in text messages. If a text claims to be from your bank, open your bank's app or type their website URL manually. If it claims a delivery issue, go to the carrier's website directly.
Most smishing uses one of a few templates: "Your package couldn't be delivered" (delivery scam), "Suspicious activity on your account" (banking scam), "You've been selected for a refund" (government scam), or "Your account will be suspended" (service scam).
In the US, forward suspicious texts to 7726 (SPAM). On iPhone, tap "Report Junk" below unknown-sender messages. On Android, use the "Report spam" option. Blocking and reporting helps carriers identify and stop smishing campaigns.