Smishing Exposed: How to Protect Yourself Against Text Scams

Vikki BournerWritten by Vikki Bourner, on 24 Oct, 2024

Scams come in all shapes and sizes, but smishing is one that’s been causing concern lately. If you’ve never heard of it, don’t worry—we’re here to break it down and help you stay safe.

What is Smishing?

Smishing is like phishing’s sneaky cousin. While phishing involves email scams, smishing uses text messages to deceive you. Fraudsters often pose as trusted organisations, such as banks, delivery services, or even friends in need, aiming to steal personal information or even your money. It’s a prevalent crime with Stop Scams UK reporting that 40% of consumers have been targeted by text messages.

Smishing definition vs. phishing

Phishing is the broad umbrella term for scams where attackers use deceptive messages to steal information, but smishing specifically targets your phone’s SMS or messaging apps. Both aim to trick you into clicking on a link or sharing sensitive data, however smishing takes advantage of our tendency to trust text messages more than emails.

Smishing is text scams and phishing is email scams.

Real-life smishing examples

Unfortunately, text message scams have impacted many in the UK. Here are some well-known cases:

The student loan scam

At the start of the term, students are sent fake texts asking to clarify bank details for their loan payment, directing money straight into the scammer’s accounts. In 2023, The Student Loans Company managed to stop £2.9m of maintenance loan payments being taken by criminals.

The Royal Mail scam

During the pandemic, scammers posed as Royal Mail, sending texts requesting fake delivery fees. This led to a 700% increase in smishing attacks between 2020 and 2021. During this period, a couple in Somerset, lost £2500 after a link was clicked to pay £2.50 for the release of a parcel with insufficient postage. One particular morning in 2021, the City of London Police made eight arrests as part of their crackdown on the problem. This is a scam that comes around time and again.

Parcel delivery scams

Fraudsters targeted Hermes and DPD customers with fake text messages, claiming delivery fees were required, exploiting the online shopping surge during lockdown. These continue in 2024 with text messages claiming parcels couldn’t be delivered due to an incomplete address, to gain personal or financial information.

Bank smishing scams

Scammers impersonated Barclays, HSBC and other banks by sending texts about suspicious activity on accounts, tricking recipients into giving away their banking details.

Real life examples of smishing.

How smishing attacks work

Smishing attacks often start with a message that looks legitimate. It might ask you to:

  • Confirm a delivery or other details.
  • Log into your bank account.
  • Claim a prize.

When you click on the link, you’re taken to a fake website designed to steal your login details, install malware, or access your personal information.

Common smishing message tactics

Smishing texts are clever and often include:

  • Logos or names of brands you trust.
  • Urgent requests that make you want to act fast.
  • Links that seem real but lead to fake sites.

Some smishing messages even appear in the same text thread as genuine messages from a company, making it harder to spot the scam.

How to prevent smishing scams

Don’t worry if you feel helpless against smishing. Here are some simple steps to protect yourself:

  1. Check the sender: If you’re not sure about a message, contact the company directly. Use their official website or customer service number – not the one in the text.
  2. Don’t click on links: Avoid clicking links in texts from numbers you don’t know. If you think it might be real, type the website address into your browser instead.
  3. Report it: In the UK, you can forward smishing texts to 7726 (spells SPAM). This helps your mobile provider stop these scams.
Don't click the link - it could be smishing!

How to recognise smishing attempts

While smishing attackers evolve their techniques, there are common red flags to look out for.

  • Urgent action requests e.g., “Your account will be locked!” or “Your parcel will be returned to sender.”
  • Fake URLs that closely resemble real websites.
  • Unsolicited prizes or offers.
  • Suspicious numbers or shortcodes.

Attackers use psychological and emotional language to induce fear and anxiety in order to trick you. Messages can be disguised as coming from reputable sources like banks, delivery services, or government agencies.

Phonely’s role in protecting against digital landline scams

At Phonely, we’re serious about keeping you safe from scams. When it comes to your digital landline, our CallGuard feature blocks scammers in ways they’d never suspect, offering a uniquely robust layer of protection. We also work with Neighbourhood Watch, Friends Against Scams and Age UK to stay ahead of the latest scam trends.

FAQs about smishing

What happens if you click on a smishing text?

If you click on a smishing link, you could be directed to a fake site designed to steal your data or infect your phone with malware. If this happens, immediately disconnect from the internet and run a security scan on your device and then report it.

How can I report smishing?

In the UK, you can forward suspicious texts to 7726 (SPAM) to report them to your mobile network provider. Alternatively, if you feel you’ve fallen victim to a scam please report it to Action Fraud.

Report a scam or scam attempt to Action Fraud.

What is smishing vs phishing?

Smishing involves SMS or text message scams, while phishing typically happens via email. Both aim to trick you into sharing personal or financial information.

How do I stay safe from smishing?

To avoid smishing scams, never click on links in unsolicited texts, always verify the source of messages, and consider using scam protection tools like CallGuard from Phonely.

What is an example of smishing?

Imagine getting a text that looks like it’s from your bank. It says there’s been suspicious activity on your account and asks you to verify your details. The text includes a link to a website that looks like your bank’s site, but it’s actually fake. Your bank will never ask you to verify your details in this way.

What is whaling phishing?

Whaling is like phishing, but it targets big fish – high-level executives, CEOs or important people in a company. These attacks often look like official business communications, complete with corporate language and logos.

Finally, smishing & phishing: How to stay safe

To protect yourself from both smishing and phishing:

  • Never share personal info over text or email.
  • Always double-check before acting on any message.
  • Report suspicious messages to your mobile provider (7726) or the authorities.

Remember, it’s okay to take your time and be cautious. Your safety is more important than responding quickly to a text!

Stay safe out there, and if you ever need help or advice about phone scams, we’re always here at Phonely. Together, we can outsmart the scammers!

BBC Scam Safe
Dementia Friend
City of London Police
Manchester Police
Cyber Essentials Plus badge
Business Awards 2024