High Value Home Insurance

What is smishing and how to prevent it

lady looking at a mobile

Have you ever received a text message that asked you for personal details or even your bank account number?

Have you been informed that you need to pay money to obtain an undelivered parcel? There’s a good chance that someone is trying to defraud you. The practice is known as ‘smishing’ and is becoming more and more common, causing untold misery across the UK. Below we tell you what exactly smishing is, what it looks like and how you can protect yourself from this very modern criminal activity.

What is smishing?

At its heart, smishing is a criminal activity that relies on human trust. It takes the form of a text message (SMS) to your mobile phone that usually contains a link. By clicking on that link, you will be taken somewhere that tries to extract personal details that can be used to access your bank account or make purchases on your behalf. The link can also lead to software being downloaded onto your phone (malware) that opens up its security so personal details can be gathered that way.

Smishing vs phishing

It can be hard to keep up with all these latest technology jargon, but you may have also heard about ‘phishing’. This is a longer established form of criminal activity where your personal details are stolen via an email rather than text message.

We all know about spam emails but some of these are purely trying to sell you something without criminal intent. The really nasty phishing variety are usually fairly convincing, seem to be from your bank or a retailer and link you to a site where the process of stealing your data begins.

What is a smishing attack?

Like their phishing cousins, smishing attacks are usually sent out in large waves to a stolen database of numbers. They will look convincing and contain an urgent message that leads the reader to think that not clicking on a link could result in the loss of money, a closed bank account or a parcel that will never be delivered.

Smishing is even more dangerous than phishing at the moment, as fewer people are aware that it takes place and it can take longer to detect. The personal nature of a phone means we’re also likely to put more trust in a text message. After all, how did someone get our number?

Types of smishing attacks

Every smishing attack starts with a text message or even a message on Whatsapp or other communications apps. But after that, their forms can vary with the overall aim of gaining your trust and making you click.

Smishing attacks play on our emotions whether that's fear, greed or simple confusion. The subject matter is often related to finance, but could also be a message from a customer service team or news that you have won a competition. Do you remember entering anything?

Parcel tracking has been particularly common as a smishing subject recently and there are still many Covid-related smishing attacks taking place. Criminals just don't care about the sensitivity of the subject as long as they get your money.

How to prevent smishing

It's easy for us to say "don't click on the link", but smishing attacks can be very clever and you’ll also receive genuine messages amongst the fraudulent ones.

There are some tell-tale warning signs to watch out for:

  • Spelling errors can be a giveaway, particularly if they don't quite get your personal details correct
  • Unknown or suspicious numbers means the links should be avoided
  • Genuine banks and insurers do not ask for details by text so never give them
  • Never click on anything that starts with the message ‘This is not a scam’
  • Requests to send money should always be ignored
  • Never heard of the sender? Chances are it’s fraudulent.


If you have any doubts about a text message, check the number it came from. If that is hidden or has a spam warning then don't click on it. If you do have a number then run it through a web search to see if anyone has already been scammed. Likewise, search for the wording of the message to see if it is a common example of smishing. There are lots of useful sites where people report fraud and you can learn from their experiences. Play your part by reporting any phishing attempts and deleting the malicious messages.

What to do if you’re a victim of a smishing attack

Act quickly. Get in touch with your bank or insurer and freeze the account (some banks are very good at picking up on suspicious behaviour and may have already done this).

Download and run antivirus software for your device so any malware is eradicated. Use 2 factor authentication to avoid future attacks. Basically that means criminals need two pieces of information in order to access your files. It should be available with most of your apps and password protected web pages.

Finally, report the smishing attack to Actionfraud 0300 123 2040. You can also find out more about reporting fraud with this article.

We will never completely get rid of criminal behaviour, but we can educate ourselves to reduce the impact of smishing. Don't click on that link without checking first.