Here's what smishing means as reports of text message scams jump - and how it differs from phishing

By Helen Johnson
Tuesday, 14th September 2021, 10:54 am
Reports of ’smishing’ scams have jumped in the first six months of 2021, according to Which? (Photo: Shutterstock)
Reports of ’smishing’ scams have jumped in the first six months of 2021, according to Which? (Photo: Shutterstock)

Reports of ’smishing’ scams have jumped in the first six months of 2021, according to Which?

But what is ‘smishing’ and what are the scam signs to look out for?

Here’s what you need to know.

What is smishing?

Phishing is the fraudulent practice of sending emails pretending to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

‘Smishing' is SMS phishing scams, which instead involve texts often pretending to be from banks, delivery companies and phone networks.

Which? said figures from Proofpoint show reports of smishing in the UK increased by nearly 700% in the first six months of 2021, compared to the second half of 2020.

This has been driven by scammers looking to take advantage of Covid pandemic-related shopping trends, such as people getting more deliveries to their homes and the increase in businesses sending texts to customers.

The figures suggest there is a three-to-one ratio of parcel smishing attacks to banking smishing attacks.

Voicemail smishing, which is where scammers send a text pretending to have a link to a voicemail, is a more recent technique.

Since establishing its own “scam sharer” tool in March 2021, Which? has received more than 9,000 reports to the tool.

Two-thirds (65%) of reports have been phone call or text scams, with 31% being scam texts specifically.

Which? research found seven in 10 (71%) people say they do not trust text messages from companies to be free from scam risks.

What can businesses do to protect customers from smishing?

Fraudsters can trick people into disclosing their personal, banking and account details, often by impersonating mobile phone operators themselves and offering upgrades.

Reports have also been received of criminals using other communications methods, such social media platforms, to impersonate mobile phone companies.

Which? has published an SMS best practice guide for businesses to help protect their customers from potential fraud.

The consumer group also suggests that businesses should avoid hyperlinks where possible and not include phone numbers.

Rocio Concha, Which? director of policy and advocacy said: “Smishing attempts have risen dramatically – with fraudsters taking advantage of the pandemic to trick consumers into giving away personal details and transferring their hard-earned cash.

“Businesses must play their part to protect people from scams.”

Cifas’ head of fraud intelligence Amber Burridge said: “If you receive a call from someone purporting to be a mobile phone company offering you a new mobile phone or an upgrade, always be sceptical and challenge the caller.”

Gareth Elliott, head of policy and communications at Mobile UK, said: “We urge customers to remain vigilant and to help us act by texting reports of nuisance SMS to 7726, and reporting suspicious calls.”

Proofpoint operates the 7726 text service that enables people to report spam texts for free, and collects data on those reports categorised as smishing.