top of page
  • info203219

SMS Phishing, is it on the rise?

Last Friday I tweeted about a family member receiving a SMS phish. SMS phishing (also known as smishing) is very similar to email phishing and the first known case was in 2008. Instead of the phishing attacks going to your email address, they’re sent to your mobile device as a text message and we also see similar attacks using messaging apps such as WhatsApp.

The SMS phish in this case appeared to come from 'HMRC' (Her Majesty's Revenue and Customs is a non-ministerial department of the UK Government responsible for the collection of taxes). The text message was:

The recipient was obviously over the moon to receive a text message stating they were getting a tax refund from HMRC. I must point out that this individual is well aware of the dangers around email phishing, but due to this being a text message they’d believed it to be genuine. They hadn’t recognised the tell tail signs of a phish! In this case: reinforcing they’re going to a secure link, acting as an authoritative figure (HMRC), playing on the fact we’ve just started 2020 and using an exciting and enticing hook (who can resist free money?).

As a result, I wanted to take a moment to think about whether SMS phishing is on the rise. There are two angles that I’m going to consider as the cause of an increase: an increased awareness of email phishing attacks and an increase in investment in sophisticated email phishing detection and blocking capabilities.

Phishing emails have been front and centre as a security awareness theme for many years now, with most large organisations running phishing campaigns, pushing out communications and training highlighting how to detect phishing emails. But due to this focused education on phishing emails alone, many people are totally unaware that SMS phishing exists. Several of our clients have stated they seem to be seeing more SMS phishes, with some pretty convincing Whatsapp ones, too! WhatsApp has been used for other attack vectors, such as the alleged hacking of Amazon CEO Jeff Bezos via a WhatsApp vulnerability that appeared in the news today. The vulnerability was patched last year but it shows that even the technically savvy can be attacked.

It is important for people to understand that phishing - whether its email, SMS, voice, letter etc - is a form of social engineering and that social engineering can occur through any form of communication.

Another contributing factor that may have caused a rise in SMS phishing is that email service providers, and organisations, have invested a huge amount of time and money into detection and blocking capabilities for phishing emails. As a result, cyber criminals have shifted to a communication method that we aren’t as educated or protection on. Mobile devices do not yet have the same level of protection and therefore, most SMS phishes will come through. It’s then up to you to detect them! This gives the criminals greater scope for what the SMS phish contains and the level of complexity.

It is also worth considering that a mobile number is much easier to brute force than an email address. In the UK’s case you could type any random 11 digit number (starting with 07) and it’s likely it would be received. Cyber criminals are no longer having to go to the trouble of harvesting or purchasing emails to target, they can quite literally just make them up.

The reason I question whether it is on the rise is because it is tricky to quantify and compare the number of SMS phishes to phishing emails. When it comes to phishing emails most organisations have robust processes and technology solutions in place for reporting and as a result have fairly accurate statistics. However, who do people report SMS messages to, is anyone tracking them? Does your organisation run SMS phishing campaigns and collect data on SMS phishes?

Some of our top tips for detecting SMS phishing attacks are:

  • Legitimate organisations will not send you a text message asking you to share personal or financial information

  • Do not post your mobile number on social media and avoid giving it out when it’s not required

  • If you’re contacted by your bank or a body like HMRC, always call them directly on a number you trust (for example the number on the back of your bank card)

  • If you receive a communication that you’re not expecting (whether by email, phone call, SMS message or any other way) that is asking you to do something and makes you feel emotional (happy, panicked, embarrassed or anything else), be aware this could be social engineering

  • Avoid clicking links you’re unsure of (clicking the link could infect your device with malware) but instead go directly to the source; in the example above, I told my family member to go to the HMRC website rather than click the link



Jeffrey Glenn
Jeffrey Glenn

I appreciate Henry for making me realise the truth to a certified hacker who knows a lot about what he is doing. I strongly recommend you hire him because he’s the best out there and always delivers. I have referred over 10 people to him and all had positive results. He can help you hack into any devices, social networks including – Facebook, Hangout, iMessages, Twitter accounts, Snap chat , Instagram, Whatsapp, wechat, text messages ,smartphone cloning,tracking emails and also any other social media messenger or sites. It’s advisable to hire a professional hacker.Thank me later. Contact him here., and you can text, call and Whatsapp him on +1(201)4305865, or +1(219)7960574.....


Agnes Lizzy
Agnes Lizzy

Contact him for any type of hacking, he is a professional hacker that specializes in exposing cheating spouses, and every other hacking related issues. he is a cyber guru, he helps catch cheating spouses by hacking their communications like call, Facebook, text, emails, Skype, whats-app and many more. I have used this service before and he did a very good job, he gave me every proof I needed to know that my fiancee was cheating. You can contact him on his email to help you catch your cheating spouse, or for any other hacking related problems, like hacking websites, bank statement, grades and many more. he will definitely help you, he has helped a lot of people, contact him on,…


Janet Lucy
Janet Lucy

I’m excited to write about Henry Hacker, he is a great and brilliant hacker who penetrated my spouse’s phone without a physical installation app. And I was able to access my spouse’s phone, SMS, Whatsapp, Instagram, Facebook, Wechat, Snapchat, Call Logs, Kik, Twitter and all social media. The most amazing thing there is that he restores all phone deleted text messages. And I also have access to everything including the phone gallery without touching the phone.I can see the whole secret of my spouse. Contact him for any hacking service. He is also a genius in repairing Credit Score, increasing school grade, Clear Criminal Record etc. His service is fast. Contact:, and you can text, call him on whatsapp…

bottom of page