Phishing and smishing are two of the most common forms of cyber crime. Phishing has been around longer, and is typically email-based, while smishing takes place via text messages. Both forms of fraud typically involve an intentionally misleading message sent to illegally capture personal or sensitive business information. These messages are designed to trick recipients into trusting their source as a reputable business, financial institution, or e-commerce site.

Here are some clues to help you and your colleagues identify a phishing email or a smishing text:

  • Suspicious text: Incorrect grammar, unusual urgency, or substance that is generally inconsistent with the supposed sender's usual messaging may all represent tell-tale signs of phishing.
  • Wrong URL: Scammers can create hoax websites with names of reputable sites by changing a letter or character. If any part of the URL seems awry or unfamiliar, do not click through.
  • False hyperlinks: Online or email text with embedded links may seem to refer to reputable sites, but the link itself leads to a scam site. To check, hover over the link to see the source address.


The information and recommendations contained here have been compiled from sources believed to be reliable and represent the best current opinion on the subject. No warranty, express or implied by KeyBank, is made as to the absolute correctness or sufficiency of the information contained. This is meant as general information only; particular situations may require additional actions.

This document is designed to provide general information only and is not comprehensive nor is it legal advice. If legal advice or other expert assistance is required, the services of a competent professional should be sought. KeyBank does not make any warranties regarding the results obtained from the use of this information.