Smishing: A Top Cyber Security Risk
What is it?
Smishing is a cybercrime tactic where attackers use deceptive text messages to steal personal, financial, or login information, often pretending to be trusted brands, banks, or government agencies.
These messages may urge you to click malicious links or call fake support numbers.
The Risks:
Phishing (email)/vishing (phone messaging)/smishing (text) is one of the leading cause of cyber security breaches, and a major path into organisations.
Around 60%+ of breaches involve the human element* – that is people being tricked, making mistakes, or having credentials stolen. These carefully crafted, “believable” messages are still the leading cause of social-engineering incidents and a major path into organisations.
What's more, AI tools have massively boosted volume and realism of phishing email scams, contributing to billions in losses globally.**
*The 2025 Verizon Data Breach Investigations Report (DBIR) delivers a clear warning: nearly 60% of breaches involve a human element, whether through error, manipulation, or malicious misuse.
** https://app.stationx.net/articles/phishing-statistics
What this can look like:
Fake Delivery/Bank Alerts: Texts claiming a package is delayed or an account is frozen, asking you to "verify" details via a link - don't click it!
Urgency and Fear: Messages often demand immediate action to avoid penalties or account suspension - this is a scare tactic.
Prize Scams: Notification of winning a lottery or gift, requiring a "small fee" or personal information to claim it.
Malware Installation: Links may install malicious software on your phone to steal data.
Odd Senders: Messages may come from unknown numbers.
Precautions you should always take when messaging:
Do not click: Never click on links in text messages from unknown, Caller ID, or suspicious senders.
Verify independently: If a message claims to be from a company, contact that company directly through their official website or app, not the link provided.
Don't reply: Never reply to a suspected smishing text, as this confirms to your attacker that your number is active.
Report the message: Instead of just deleting, use your phone's "Report Junk" feature or notify your carrier, and consider reporting to authorized agencies.

