Smishing attacks use text messages to trick your employees into clicking on a link, calling back a number, or sharing information.
Thanks to the simulations I set up, your teams will learn to identify these fraudulent messages before responding to them.
What is smishing?
Smishing is an attack that uses fraudulent text messages to trick an employee into clicking on a link, calling back a number, or confirming a sensitive transaction.
The goal: to exploit the reflex of trust associated with mobile phones and prompt rapid action, often under pressure of urgency.
These attacks frequently target:
- employees using a work phone,
- teams on the road,
- services receiving MFA/SMS codes,
- users who are less familiar with mobile risks.
Why simulate smishing?
- To raise awareness of the risks associated with mobile devices.
- To learn how to recognize suspicious text messages, even if they seem credible.
- To help identify shortened or misleading links (bit.ly, is.gd, etc.).
- To reinforce the reflexes of "pause > analyze > act."
- To reduce the risk of identity theft and fraudulent refunds.
How do I work?
-
1. I design realistic text messages.
I use models inspired by real-life cases (banks, delivery, HR, MFA security, etc.) to create credible messages.
-
2. I send the scripts directly to mobile devices.
The text messages arrive as ordinary messages, to gauge the employee's actual reflexes.
-
3. I adapt content according to behavior
If a team is more vulnerable, I adjust the difficulty or the topics covered.
-
4. I explain the warning signs immediately.
If there is a click or response, I indicate what should have been noticed and how to react in the future.
-
5. I provide a clear analysis of the results.
With a summary table: clicks, openings, interactions, progress by team.
Best practices
Essential
- Never click on a shortened or unexpected link.
- Check the sender and analyze the context.
- Be wary of messages mentioning a delivery, a fine, or an urgent payment.
- Never share sensitive information via text message.
