Smishing: A Top Cyber Security Risk

 

What is it?

Smishing is a cybercrime tactic where attackers use deceptive text messages to steal personal, financial, or login information, often pretending to be trusted brands, banks, or government agencies.

These messages may urge you to click malicious links or call fake support numbers.

 
 

The Risks:

Phishing (email)/vishing (phone messaging)/smishing (text) is one of  the leading cause of cyber security breaches, and  a major path into organisations.

Around 60%+ of breaches involve the human element* – that is people being tricked, making mistakes, or having credentials stolen. These carefully crafted, “believable” messages are still the leading cause of social-engineering incidents and a major path into organisations. 

What's more, AI tools have massively boosted volume and realism of phishing email scams, contributing to billions in losses globally.**

*The 2025 Verizon Data Breach Investigations Report (DBIR) delivers a clear warning: nearly 60% of breaches involve a human element, whether through error, manipulation, or malicious misuse.

** https://app.stationx.net/articles/phishing-statistics


What this can look like:

  • Fake Delivery/Bank Alerts: Texts claiming a package is delayed or an account is frozen, asking you to "verify" details via a link - don't click it!


  • Urgency and Fear: Messages often demand immediate action to avoid penalties or account suspension - this is a scare tactic.


  • Prize Scams: Notification of winning a lottery or gift, requiring a "small fee" or personal information to claim it.


  • Malware Installation: Links may install malicious software on your phone to steal data.


  • Odd Senders: Messages may come from unknown numbers.

 

Precautions you should always take when messaging:

  • Do not click: Never click on links in text messages from unknown, Caller ID, or suspicious senders.

  • Verify independently: If a message claims to be from a company, contact that company directly through their official website or app, not the link provided.

  • Don't reply: Never reply to a suspected smishing text, as this confirms to your attacker that your number is active.

  • Report the message: Instead of just deleting, use your phone's "Report Junk" feature or notify your carrier, and consider reporting to authorized agencies.

Looking for expert IT advice, without the jargon?

We're here to keep your IT Stress-Free 😌

📞 Speak to David, Martin, or Siobhan at 

0141 530 2007
📧 Or email:
David@aquait.co.uk

Subscribe to The Stream for more reviews, IT and cybersecurity tips and updates:

Next
Next

Our No-Jargon Review of the New MacBook Neo