Smishing
Smishing is similar to phishing, except that it comes in a text message. A smishing text will often contain a fraudulent link that downloads malware onto the device.
Detection
The message offers quick money from winning prizes or collecting cash after entering information. Coupon code offerings are also popular.
Financial institutions and government agencies will never send a text asking for credentials or a money transfer.
A sender number with only a few digits probably came from an email address, a sign of spam.
Mitigation
Avoid responding to a phone number that you do not recognise.
Never send credit card numbers, ATM PINs, or banking information to someone via text messages. Or on the phone, over email, …
If a text claims to be from a specific organisation or individual, contact that entity directly using known contact information, not the details provided in the text.
Prevention
Many smartphones and carriers now provide SMS filtering options to identify and block or flag suspicious texts.
Some security applications for mobile devices can help identify phishing links in text messages and prevent users from accessing malicious sites.
Even if attackers obtain some credentials through smishing, using Multifactor Authentication is an additional protective layer.
Do not store banking information on a mobile device.
Have two phone numbers, one for bureacratic matters and one for personal other use.
Telecoms offer numbers to report attacks. To protect other users, report it so that it can be investigated.
Be aware of current smishing tactics and threats. Awareness is the first line of defense.