Smishing (text scam).
In plain English
Smishing is phishing carried out by text message, the SMS version of a fake email. A message poses as your bank, a delivery service, a toll agency, or an employer and creates urgency, a package on hold, a suspicious charge, an account locked, to get you to tap a link or reply with personal or login details. The links lead to convincing fake sites that harvest what you enter. These messages are sent by the million and can spoof real names, so receiving one says nothing about you; the safe move is to ignore the link and contact the company through a number or app you already trust.
01Why it matters
Smishing is one of the most common ways scammers reach people directly, so recognizing the pattern, urgency plus a link, lets you route around it by contacting the real company yourself instead of tapping.
02The math, step by step
A text says a package could not be delivered and to confirm details at a link. The link opens a page that looks like a real carrier but captures your card and login. Nothing about getting the text means you did anything wrong; deleting it and checking the carrier's real app is the safe response.
03What this is NOT
It is not always obvious. Smishing can spoof a real company's name and copy its look. The tell is a link or request for information paired with urgency; a genuine company lets you act through its official app or a number you already have.
04Receipts
Every figure on this page is sourced to a primary document. Tap to open the original.