Protect Your Personal Info: How to Identify Suspicious Emails and Text Messages

Summary: Learn how to spot smishing and phishing scams and simple steps you can take to protect your personal information when using text messages and emails.

Smishing vs Phishing: How to Spot and Stop Text Message Scams

In today’s world, where we pay bills, shop and bank online, the risks of someone accessing your personal information are more real than ever. Identity thieves and scammers are continually dreaming up new ways to get a hold of your sensitive information. These include two techniques you may not have heard of — phishing and SMS phishing (or smishing as it’s often called).

These common scams are cleverly disguised to seem harmless but are aimed at stealing your personal information through texts or emails. Knowing what they are and how to spot them is crucial to protect yourself from these threats.

Tips for identifying and avoiding phishing and smishing

Simply put, phishing is when someone tricks you into giving away your personal or financial information through an email, which they then use for bad purposes. These emails often ask you to update or verify personal information by replying to the email or visiting a website. The web address may even be disguised to look legitimate or familiar. These phony websites exist just to get your personal information.

Smishing is when scammers use text messages to try and trick you into giving them your private info, such as passwords, account numbers or your Social Security number. These texts often appear harmless, but they’re not.

Actual companies will not contact you through text or email to obtain personal information. If you’re not sure, look very carefully at the email address, URL and the spelling used in messaging. Cyberthieves will modify all of these to look legitimate, but they often contain errors.

When you share information online or on social media, even the smallest details can be used by thieves to guess your password or answers to security questions. Never share pet names, schools you attended, your birth date or the names of family members.¹

Using the STALL method to detect smishing emails

One easy-to-remember way to check to see if an email might be a phishing attempt is to follow the STALL method.

• Sender: Do you know who sent it? If not, be wary.
• Tone: Does the email sound too urgent or just off? That’s a red flag.
• Attachment: Unexpected attachments, especially odd ones, should never be opened.
• Link: Mouse over links to see where they really lead. Shortened URLs can be deceptive.
• Login Requests: Be suspicious of emails asking you to log in anywhere.

Effective strategies to prevent smishing

When you receive a text message that seems suspicious, it’s important to take these added precautions before you respond.

• Remain skeptical: Don’t trust links from numbers you don’t know and ignore requests for your personal info.
• Verify sender identity: Got a suspicious text? Double check who it’s really from before you do anything.
• Safeguard your information: Never text back your sensitive information — no matter what!
• Question caller ID authenticity: Just because the caller ID looks legitimate, doesn’t mean it is.
• Report and block: Think it’s a smishing text? Tell your mobile carrier and block the number to stop them in their tracks.

Use smartphone tools for added protection

Your smartphone has some neat tricks to spot shady links. For example, on an iPhone, you can press and hold on a link to peek at the website it’s going to take you to.

Android phones will show you a warning if the link’s destination isn’t what it appears to be.

Staying alert and informed and using multifactor authentication helps you keep your personal info safe from these widespread scams. When in doubt, always double check on your own and prioritize your online safety.

For more information about how to stay safe when on the internet, read Online Safety: 7 Tips for Seniors.

Frequently Asked Questions:

Q1: What happens if I click on a link in a smishing text?

If you’ve clicked on a link in a smishing text, you’ll need to take some steps to prevent thieves from obtaining your personal info. Do not fill out any forms or provide any information. Immediately disconnect from any Wi-Fi or cellular network to prevent malware from being downloaded. Most operating systems have built-in antivirus software you can use to scan your device for malware and viruses. Back up your important data to an external hard drive or USB. Finally, be sure to change all passwords right away.¹

Q2: What are smishing warning signs?

Key warning signs of a smishing attack are text messages from unknown sources. They often include links that, when clicked, can download malware or viruses to your system or compromise your personal information.² Never respond to a text or click a link in a text from an unknown source — no matter how reputable it seems. If you believe a legitimate source may be trying to text you, call that source directly to verify before responding.

Footnotes:
¹FBI, Spoofing and Phishing, accessed June 2025, fbi.gov/how-we-can-help-you/scams-and-safety/common-frauds-and-scams/spoofing-and-phishing.

² Cybertec Security, Don’t Panic! Here’s What to Do If You Clicked on a Phishing Link, Jan. 24, 2023, accessed June 2025,  info.cybertecsecurity.com/what-to-do-if-you-clicked-on-a-phishing-link.

³ IBM, What is Smishing (SMS Phishing)? June 10, 2024, accessed June 2025, ibm.com/think/topics/smishing.

630011_0725