Welcome back!
You left some items in your basket.
Go to BasketHow to spot and report a smishing attempt
If you own a phone, chances are you’ve been on the receiving end of a smishing attempt. Read on for how to identify a fake text, how to report it, and how to limit the amount of nuisance or scam text messages you or a family member receive.
If you’ve been a victim of fraud, please contact Action Fraud – the National Fraud & Cyber Crime Reporting Centre.
First things first, what is ‘Smishing’?
Smishing is a type of phishing scam that attempts to trick users into giving over private information through an SMS (text message), or getting the receiver to follow a link embedded in the text message, which then downloads harmful software onto your device.
Josh Daniels, from our Tesco Mobile Cyber Team, says:
“Never click the link in a suspicious text message to check if it’s genuine or not. The link may send you to a fake payment page or app to steal your personal data.” Josh adds that the “worst case scenario of installing a fake app from a link could lead to spyware being installed on your phone with the spammer now having access to your information and contacts.”
Like other forms of phishing, smishing is a social engineering tactic where scammers try and gain your trust by mimicking trusted sources, such as your mobile network or bank, and get you to hand over your data. Fortunately, there are ways to spot incoming smishing attempts.
What does a phishing text look like?
Phishing texts might look like normal texts from a brand or organisation. They might try and identify as the brand in question, or they may spoof the sender name to resemble a company and make themselves look more authentic. Sometimes, smishing texts will look a bit shoddy and include spelling errors, strange formatting, or otherwise look off. Others, however, look for more polished.
Some warning signs that a message is not from the place it’s claiming to be:
- Are you being offered something, usually money, and is what you’re being offered too good to be true?
- Is the text asking for money, or suggesting you owe money?
- Does the text try and create urgency, suggesting that something ‘illegal’ has taken place or that there will be consequences for not responding to the text?
- Does the text claim there’s a problem with a payment method, or that an account you own is exhibiting ‘suspicious activity’?
What do our Cyber Team say?
“The people behind a phishing message are trying to provoke a gut reaction from you known as the flight or fight response by sending you communications on things such as payments required to receive goods, payment overdue or fraud on your account. These are designed to make you feel a sense of fear, pressure, stress or even curiosity to manipulate you into clicking.
When you receive a communication like this that’s compelling you to take action, wait just 6 seconds. Take that time to analyse the communication based on our top tips listed below. My number one tip however is to ask yourself the question - "Were you expecting this message?" if not, there’s a high chance its a phish.”
How to confirm if the text is authentic
If you’re in any doubt over whether a text you’ve received from a company is legitimate, you can usually find guidelines on the organisation’s website.
For example, this smishing attempt claiming to be from the Royal Mail claims a settlement fee is needed to avoid a parcel being sent back.
According to the Royal Mail’s own guidance, they will never text you asking for money. Companies will often also list common scam emails or text messages they’re aware of, so it’s good to check online first and compare the message you’ve received to known spam or harmful SMS messages.
How to block the spam messenger and report the text
If you think the text is attempting to scam you, you can send the text to NCSC by forwarding it to ‘7726.’ The NCSC will then follow up and ask you to copy in the sender’s number.
To block a number after you’ve reported it, you can often do that directly from the SMS window. To do it manually, follow these instructions for blocking a number on either Android or iOS.
To block a number on Android, which will stop all calls and messages from the blocked number:
1. Open your ‘Phone’ app and tap the ‘more options’ menu at the top – signified by three vertically stacked dots.
2. Select ‘Settings’ from the menu.
3. Select ‘Block Numbers’
4. Enter the number you want to block in the ‘Add phone number’ field and press the ‘+’ icon.
5. If you want to unblock a number, you can do so using the red ‘-‘ icon next to the number you want to unblock.
In addition to blocking numbers manually, you can opt to block all unknown callers from the same menu.
1. Open your Settings app.
2. Scroll down to ‘Phone’ and open it.
3. Tap the toggle next to ‘Silence Unknown Callers.’