Smishing, short for "SMS phishing," is a form of phishing attack that targets individuals through text messages (SMS) sent to their mobile devices. It is similar to email-based phishing but uses SMS as the medium for carrying out the attack.

In a smishing attack, the attacker sends a deceptive text message to the target, usually pretending to be a legitimate entity like a bank, government agency, or service provider. The message often includes urgent or alarming content to create a sense of urgency and prompt the recipient to take immediate action.

The text message may contain a request for personal information, such as account credentials, credit card numbers, or social security numbers. It might also include a link that directs the recipient to a website designed to mimic a legitimate one, where they are asked to enter sensitive information.

The goal of smishing attacks is to trick individuals into revealing their confidential information or to lure them into downloading malicious content, such as malware or spyware, onto their mobile devices.