Articles
Videos
Locator
FAQs
Key Takeaways
- Smishing refers to the fraudulent text messages inducing mobile users to share financial information, download malware, or make payments
- Beware of such SMSes or text messages and take apt action
- Verify all claims for offers, prizes, pleas for help received through text messages independently before acting on them
A recent report suggests that smartphone penetration in India was estimated to be 54 percent in 2020. By the year 2040, it is expected to reach 96 percent. While this shall bring a number of facilities to the fingertips of Indians, it is also important to remember that phishing attempts through text messages, emails, and voice calls are on the rise in the country. One of the most common among these is smishing.
Smishing is an amalgamation of the word SMS (text messages) and phishing. It refers to the fraudulent activities or attempts by cybercriminals to pose as a legitimate organisation or service provider and gain access to financial or personal data through text message. Usually, these smishing text messages prompt unsuspecting users to click on a link that can be used to hack and defraud them.
Visit our service portal
How does smishing work?
SMS or text messages used to conduct smishing activities could resemble:
- Your bank or financial institution - these may prompt you to click on a link and make an outstanding payment or prompt you to follow a link to unblock a blocked account or credit card
- Your mobile service provider - These could prompt you to click a link and provide personal data to prevent the deactivation of services
- The government - These could resemble text messages from the Income Tax department and seek financial information
- Lotteries and prizes - These often claim that you have won a lottery and prompt you to click the link to claim the prize
A friend – This could sound like a friend looking to borrow money for some emergency or a plea for help. Clicking on the link will lead you to a phishing page
How to spot a smishing scam?
Staying aware and vigilant is the only way to stay protected. The following tips could help you spot smishing scams:
- Banks and trusted financial institutions never ask for your personal or financial information or security information such as CVV, OTP, etc. If an SMS asks for these, it should raise red flags.
- A text message that asks you to download an app or software from an untrusted source.
- A message that prompts you to act immediately without time to consider the financial repercussions.
- A plea for help from a friend but from an unknown number.
A message that claims a blockage of service without any other intimation or without any reason.
How to deal with smishing scams?
- Verify the source of the message. Call your bank or NBFC customer support to verify the authenticity of the offer or the need for KYC.
- Call your friend and check if the plea for a loan is genuine. Get an IOU or a receipt.
- Do not click links from unknown sources. Never share your login, password, OTP, CVV with anyone.
- Block numbers and texts from scammers.
- Verify your service disruption with your mobile service provider.
If you suspect you may have fallen victim to a smishing scam, register an FIR with the local police and lodge a complaint with the National Cybercrime Portal.
Your safety and financial security depend on your awareness and vigilance. RBI is focused on spreading awareness around convenience of digital transactions, security of digital transactions and protection of customers. It’s time to expand our knowledge even further by reading about the same.
Savdhaan Rahein. Safe Rahein.
Not your nearest branch?
Frequently asked questions
Overview
Identification
Prevention
Others
Smishing is a form of SMS‑based phishing. Here scammers send deceptive text messages pretending to be trusted institutions. Their goal is to steal personal or financial information.
Fraudulent text messages try to induce you to share your financial information, download malware, or make payments. They usually prompt you to click on a link that is used to hack and defraud you.
Fraudsters mimic banks, mobile operators, government departments, or known contacts. They use familiar language or urgent alerts to gain trust.
Yes. If you click unsafe links or share sensitive information, scammers may gain access to your account or misuse your personal data.
You may receive an SMS stating that your account is blocked, a payment is due, or a service needs verification. The message urges you to click a link or share details.
Yes. They may claim your card is blocked, or your KYC needs updating. Once you follow the link, you may be led to a phishing page designed to capture your credentials.
Scammers claim that you have won a lottery or a prize. They prompt you to click a link to claim your winnings, which leads you straight to a deceptive phishing page. They send text messages that resemble official communications from the government, such as the Income Tax department, to seek your sensitive financial information.
A plea for help from a friend but coming from an unknown number can be a scam. It might sound like a friend looking to borrow money for an emergency, but clicking the link will lead you to a phishing page.
Staying aware and vigilant is the only way to stay protected. You should:
- Verify all claims for offers or prizes independently.
- Never click links from unknown sources.
- Never share your login, password, OTP, or CVV with anyone.
- Block numbers and texts from scammers.
No. Banks and trusted financial institutions will never ask for your personal information, financial information, or security information such as your CVV or OTP.
Fraudsters may send links that install malware or harmful apps. These can give them remote access to your device or financial apps.
Messages that force you to “act immediately” often aim to stop you from verifying authenticity. Scammers rely on panic to lure victims.
If you suspect you may have fallen victim to a smishing scam, you must register an FIR with the local police and lodge a complaint with the National Cybercrime Portal.
Call them directly or use a verified number to check. Do not rely solely on the number displayed in the SMS.
Block the sender, avoid sharing further details, and check your accounts for unusual activity. If needed, report the incident to cybercrime authorities.
ou must always verify the source of the message. Call your bank or NBFC customer support directly to verify the need for a KYC update before taking any action.
