How SmishAlert detects threats
How we spot scam messages and dangerous links—in plain language.
SmishAlert looks at messages and links to figure out if they're safe or suspicious. We use technology on your phone and, when you report something, our systems in the cloud. You don't need to understand how it works—you'll just see results like "Clean," "Suspicious," or "High risk" when we analyze something.
What we detect
- Malicious or phishing URLs
- Impersonation and social engineering
- Payment or redirection pressure
- QR code payloads (URLs behind the code)
- Executive or brand impersonation
Threat levels
Results are typically labeled with a risk level (e.g. Clean, Low, Medium, High). Higher levels mean we're more confident the content is malicious or deceptive. You'll see these in the mobile app after reporting (and in the Messages extension on iPhone where available).
Privacy
On-device filtering runs locally. When we use the cloud (e.g. for reporting or deeper analysis), we only use the data needed for that request and do not use it to build advertising profiles or train third-party models. See our Privacy & Security section for full details.