Skip to main content

Reading is great. Tracking makes it stick. Sign up for a free Dashboard to tick off tasks and see your Security Score.

Get my free Dashboard →
CE: All

Smishing (text message scams): what to do

Smishing is phishing delivered by SMS (text message). It is one of the most common scam methods targeting people in the UK, with over 45 million spam texts sent daily. This guide explains how to recognise smishing messages and what to do when you receive one.

A mobile phone resting on a wooden surface displaying a text message screen

What is smishing?

Smishing (SMS phishing) uses text messages to trick you into clicking a malicious link, calling a fraudulent number, or replying with personal information. Attackers send millions of messages at once, knowing only a small proportion need to succeed for the attack to be profitable.

  • Unlike email spam, text messages appear more personal and trustworthy
  • Attackers can fake the sender name or number to make messages look official
  • Messages may appear in the same thread as genuine communications from that company if the sender name is spoofed

The most common smishing scenarios in the UK

These are the scam types most frequently reported to Action Fraud in the UK:

  • Parcel delivery: "We tried to deliver your parcel. Pay £2.99 to reschedule", followed by a fake payment page
  • HMRC: "You have a tax refund of £XYZ. Click here to claim": HMRC does not send refund notifications via SMS
  • Bank fraud alert: "Suspicious activity on your account. Click here to verify": banks do not ask you to click links to verify
  • "Hi Mum/Dad" scam: someone claims to be your child with a new number, urgently needing money
  • Competition win: "You've won a prize. Click here to claim before midnight"
  • Mobile network: "Your account is suspended. Update your payment details now"

How to spot a smishing message

These characteristics appear in most smishing attempts:

  • A link that does not match the organisation's official domain
  • Urgency: a deadline, a threat of account suspension, or a limited-time offer
  • A request for personal or payment information you did not initiate
  • Unexpected contact from an organisation you do not have a relationship with
  • Grammar or spelling errors inconsistent with official communications
  • A phone number asking you to call back that is not the official number shown on the company's website

What to do when you receive a smishing message

How to respond without putting yourself at risk:

  • Do not tap any links in the message
  • Do not call any numbers in the message: find the organisation's official number via their website instead
  • Do not reply, even to "unsubscribe": this confirms your number is active
  • If you are unsure whether a message is genuine, contact the organisation through their official app, website, or phone number
  • Report scam texts by forwarding to 7726 (free on all UK networks)
  • Report to Action Fraud if you have lost money: actionfraud.police.uk or 0300 123 2040

Track your Android security progress. Free.

Create a free account to tick off tasks, see your Security Score improve, and know exactly what you've done and what's still to do.

Start your free security check
← Back to Android Security Hub