Skip to main content Accessibility Statement
How to spot and report fake text message and smishing scams

How to spot and report fake text message and smishing scams

Back in the day, if a company wanted to get in touch they’d send you a letter, or maybe give you a phone call. These days there are loads of ways of being contacted and this has given scammers plenty of opportunities to target you.

We’ve all become aware of fake emails, but now you could be targeted by text message scams as well, called smishing.

So, what is smishing, how can you spot it and what should you do if you’ve been targeted?

What is smishing?

You receive a text message, commonly from your bank, telling you there’s a problem with your account, issues with making a payment or some suspicious activity.

The text will contain a link for you to click or a number to call to sort out whatever the problem is. Action Fraud has some examples here.

If it’s a link, it will direct you to a fake website which will harvest your bank login information.

If there’s a phone number, it won’t be your bank and the scammer on the end of the line will try to get you to reveal information such as passwords and PINs.

Fraudsters won’t just pretend to be your bank. Sometimes they’ll claim to be from an online account such as PayPal, or a service you subscribe to, such as Netflix. Fake text message scams have also been reported targeting customers of government organisations such as HMRC and the DVLA.

Is a text from a company always a scam?

No, many companies, including your bank, might contact you through text message.

This is why it’s important to know how certain companies might try to get in touch with you. You can normally select your contact preferences, such as phone call, email or text message, in your profile.

How to spot a smishing scam

Smishing can be difficult to spot, particularly if it’s someone who would normally contact you by text.

But, like email scams, there are some tell-tale signs. For example, there might be spelling mistakes, or the text might address you as 'Sir' or 'Madam'. Real messages from these companies will usually address you by your full name.

You can also look at the phone number it’s been sent from. First, it won’t be the same as the one on your bank card. Second, it might be sent from an overseas number. You could also do a search for it online. If it’s a known fake number there’ll be information on the internet.

If in doubt, ring the number on the back of your card to check if they've been in touch recently. 

How to avoid getting scammed by fake text messages

The best way to avoid being a victim of smishing is to be wary of any text message you get.

Never click any links in texts. If in doubt, go directly to the website and login as normal. If there really is a problem you’ll have a message on the website telling you what to do.

If you do click the link, be vigilant. Many scammers have developed very close replicas of genuine websites to fool you. But there’ll be some signs it’s not legitimate, such as odd spelling in the web address, or low-quality graphics.

If there’s a number for you to call, check it matches with the one on the back of your debit or credit card. If in doubt, call the number on your bank card to find out if there’s an issue.

How to report scam text messages and smishing scams

If you have received what you believe to be a fake text message or smishing scam, then you should report it to the company who allegedly sent you the message. This’ll give them the chance to alert other users to the risks.

Some organisations even have a dedicated email address for you to report potential scams to.

If you’ve been a victim of a smishing scam, then you need to report it to Action Fraud by called 0300 123 2040, or by using their online form.

How to protect yourself against smishing scams

The most important thing you can do is never click on links in suspicious texts or call the phone number in the message.

But, if you do, never give out personal details under any circumstances.

No legitimate company is going to ask you to reveal personal or security information over the phone. Under no circumstances tell a caller your PIN, password or any other piece of information that could compromise your account.

Another safety tip is to know how certain companies will address you. Legitimate companies will normally address you by your full name as a way of helping you spot fraudulent messages.

Scammers probably won’t know your full name, so will use something generic such as Sir, Madam or valued customer.

It’s also a good idea to keep anti-virus software and operating systems up-to-date. These will help protect you if you do end up on a fake website that’s trying to harvest your information.

What do you think?

We really want you to share your views, but please remember to be nice ☺
All fields are required. Check out our full commenting guidelines

By clicking on 'Post Comment', you're agreeing to our Commenting Policy