Cyberkiz

Smishing (SMS Phishing)

A form of phishing conducted via SMS text messages, where attackers send fraudulent messages to trick victims into clicking malicious links or revealing personal information.

Smishing combines "SMS" and "phishing." Attackers send text messages that appear to come from trusted organisations — banks, delivery services, government agencies, or e-wallet providers — to trick recipients into clicking malicious links, downloading malware, or sharing sensitive information like banking credentials and OTPs.

Extremely Common in Malaysia

Smishing is the most prevalent form of phishing in Malaysia. Messages impersonating Maybank, CIMB, Touch n Go, LHDN, and Pos Malaysia are sent daily. A typical message reads: "Your account has been suspended. Click here to verify." Legitimate organisations will never ask you to click links or share your TAC via SMS.