Back to overview

Smishing: Phishing via SMS or messenger

Your cell phone vibrates. A new message: "Your account has been locked. Please click on the link below to reactivate." Caution is advised with text messages of this type, as they could be smishing messages.
Woman looking at her cell phone
These topics will be addressed

What is smishing?

The term "smishing" is derived from the combination of "phishing" and "SMS". In phishing, criminals disguise themselves as legitimate senders in an attempt to obtain confidential data or install malware. Phishing is now also possible via SMS or messenger services such as WhatsApp. 

Twint users, for example, have received smishing text messages threatening to lock their accounts and urging them to contact the sender via WhatsApp. Smishing uses similar scams to phishing. This also includes suggesting a high degree of urgency and pressuring the recipients of the message to act. Tempting offers that are too good to be true are also among the tricks used by cyber criminals. This is intended to motivate recipients to disclose details such as passwords or to click on links that have been manipulated with malware.

Examples of smishing messages

We will show you examples of what fraudulent text messages can look like – and, for comparison, legitimate requests from service providers.

Bank fraud

Be cautious! Suspected smishing: The sender is unknown and urges you to enter the password. 

  • Our advice: Do not click on the link, but report the incident to your bank. Please remember that your bank or other financial institution will never ask you to enter personal data such as passwords or credit card information via a link or in a form. You should therefore always be alert to such messages.
Bank fraud example SMS

Notification of winnings

Be cautious! Suspected smishing: The sender is unknown and urges you to disclose personal data. 

  • Our advice: If you have taken part in a competition, contact the organizer – if not, ignore the request. 
Winning notification example SMS

Telephone fraud

Sender: +123456789 (unknown number)
Message: "A new passkey has been triggered for your crypto account. If this was not done by you, please call us: [telephone number]".

Be cautious! Suspected smishing: The unknown sender asks you to call a specific number. This approach is becoming increasingly popular, as personal conversations often help fraudsters to succeed.

  • Our advice: Do not call the number given, but contact your crypto provider directly via the official website or the contact details given there. 
Man on laptop

Protection against phishing
The Zurich Cyber Security App combines various protection features. It detects harmful websites and links, and warns against potential phishing attacks.


To the offer

How do fraudsters get my data?

When companies are hacked, personal data such as names, addresses, passwords, emails and telephone numbers of their customers can be stolen. Criminals use this data for cyberattacks or sell it on the dark web.

You can check whether your data is affected free of charge with our ID check:
To the ID check

What should I do if I suspect smishing?

If you receive a suspicious message via text message or messenger service, don't let yourself be put under pressure. 

Here's how to protect yourself in such a situation.

  • Do not react: Please do not open any links, do not reply to the message, and do not call any numbers mentioned in the message.
  • Report the incident: Forward the suspicious message to the relevant mobile phone provider or the service supplier concerned (e.g. bank). If possible, also report the incident to the National Cyber Security Centre (NCSC) by email or using a reporting from:
    Email: incidents@ncsc.ch 
    Reporting form: https://www.report.ncsc.admin.ch/en/ 
    Reporting form: https://www.antiphishing.ch/en/index.php
  • Delete the message: Delete the message or move it to the spam folder. 
  • Take your time and only use official contacts from the respective provider to make inquiries – and not the contact details from the suspicious message.

How do I protect myself from smishing?

The good news is that you don't have to be a cyber expert to make life difficult for hackers. You can prevent smishing and other cyberattacks with simple means:

  • Activate security functions
    Most mobile devices offer spam filters and other security functions as standard. Activate these options so that suspicious messages are automatically recognized and blocked. This way you will not receive these messages in the first place. 
  • Use two-factor authentication (2FA)
    With 2FA, whenever you log into one of your online accounts, you will receive a code by text message or email after entering your password. You cannot log in without this code. This additional security level reduces the risk of data theft.
  • Regular updates
    Always keep the software and systems on your device up to date. 
  • Stay informed
    Keep yourself regularly informed about current cyber incidents and talk about them with those around you. This also reduces the likelihood of a cyberattack.

Smishing protection from Zurich

With "Cyber – Prevention" you get access to the Zurich Cyber Security App. With the app, you will receive alerts about current fake text messages in real time. If you have any questions or if you have been taken in by a fake message, you can contact our cyber experts directly via the app. You also benefit from additional security functions:

  • Identity Protection: scans the dark net for your data.
  • Device Protection: protects your personal data.
  • Secure Surfing: warns you about harmful websites.
  • Secure VPN: for anonymous surfing on the Internet.
  • Secure WiFi: monitors activities in your network.
  • Password Manager: creates and manages your passwords.

To the cyber protection insurance

Good to know

Has your data been stolen? Our free ID check will tell you whether you are affected.
Check now

More articles
view all articles