How it works
A short text creates urgency, such as "your parcel is held" or "confirm your payment", and links to a lookalike site. Mobile screens hide full URLs, link previews are minimal, and people trust SMS more than email, so click rates run high.
How it relates to brand impersonation
Smishing rides on brand impersonation: the message and the landing page both pose as a trusted organization. The landing pages sit on lookalike domains, which monitoring can catch and takedowns can remove.
How nebty helps
nebty monitors for the lookalike domains used in smishing campaigns against your brand and takes the fraudulent pages down on demand.
Why text messages get clicked
Smishing exploits how people use their phones. A text feels more personal and urgent than an email, link previews are minimal, and the mobile address bar hides most of a URL, so a lookalike domain is harder to catch than on a desktop. Common pretexts are a held parcel, a failed payment, a bank security alert, or a tax refund, each chosen because it prompts a quick tap before thinking. Carrier filtering catches some of it, but attackers rotate numbers and sender IDs fast. The advice for users is simple: never act on a link in an unexpected text; open the company app or type the address yourself. For a brand, the destination is still a lookalike site, so monitoring for those domains and taking them down removes the place the campaign actually sends victims.
If you receive one impersonating your own brand, report the number to your carrier and capture the link, since the same lookalike domain often powers a wider campaign across thousands of texts.
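The check below applies the monitoring idea to links captured from reported texts: it extracts each URL and flags hosts that imitate the brand. It is an added example, not nebty's code; the brand name acmebank, its domain acmebank.example, the sample texts and the distance threshold of 2 are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed values for illustration: a fictional brand on reserved TLDs.
BRAND = "acmebank"
LEGIT_DOMAINS = {"acmebank.example"}
# Digits commonly swapped in for look-similar letters.
HOMOGLYPHS = str.maketrans("01345", "oleas")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host):
    """Return (verdict, reason) for one hostname taken from a reported text."""
    host = host.lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS):
        return ("legitimate", "brand-owned domain")
    for label in re.split(r"[.-]", host):
        normalized = label.translate(HOMOGLYPHS)
        if BRAND in label:
            return ("lookalike", "brand name inside a domain the brand does not own")
        if BRAND in normalized:
            return ("lookalike", "character substitution")
        if edit_distance(normalized, BRAND) <= 2:
            return ("lookalike", "near-miss spelling")
    return ("unrelated", "no resemblance to the brand")

def triage(messages):
    """Extract every link from reported SMS bodies and classify its host."""
    results = []
    for body in messages:
        for url in URL_RE.findall(body):
            try:
                host = urlsplit(url).hostname
            except ValueError:  # malformed authority, e.g. unbalanced brackets
                continue
            if host:
                results.append((host, *classify_host(host)))
    return results

# Constructed sample reports (not real messages or domains).
SAMPLE_REPORTS = [
    "AcmeBank: your parcel is held. Release it: https://acmebank-parcel.test/track",
    "Payment failed. Confirm your payment at http://acm3bank.test/pay.",
    "Security alert: sign in at https://acmebank.example.secure-login.test/",
    "Tax refund pending: http://acmebnak.test/refund",
    "Your statement is ready: https://www.acmebank.example/statements",
    "Running late, see https://maps.example.org/route",
]
```

Hosts flagged as lookalikes are the candidates to report for takedown; internationalized (punycode) hostnames are not decoded here and would need separate handling.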
See who is impersonating your brand
The free nebty report scans the web for lookalike domains and fake profiles targeting your brand, with no obligation.