With a smartphone being in the pocket of 92% of UK Citizens, the appeal of Smishing attacks continues to grow for Cyber attackers.

Smishing is where an attacker will send a text message to a collection of people’s mobile phones. These messages pose as legitimate and often contain a link to a malicious website that is designed to trick you into entering your personal information. Smishing is primarily done through SMS messaging, however, has evolved to also target popular online messaging services, such as WhatsApp.


Smishing attacks will often replicate legitimate messages where it would be normal to expect personal details to be required. These include notifications from public services (such as the NHS, HMRC and GOV UK) financial institutions (such as your bank) or delivery companies (such as DPD and Royal Mail). These messages will often be short urgent messages that require you to do something in order to prevent a negative event from happening. A common example of this is you are required to provide your details to release a package to prevent it from being returned to the depot.


With the current cost of living crisis and a rapidly changing political landscape, it is easy for Cyber attackers to exploit new schemes with confusing smishing attacks. An example of this is shown in the photo below,

This message claims to be from GOV-UK offering £400 to support you with your energy bill. This message is believable as the UK government is currently offering a scheme which provides a £400 energy grant for all households. However, upon closer inspection, there are alarm bells to look out for that show the message is not genuine.

The first red flag is that the message has come from a random mobile number, a genuine government message would typically display as being sent from GOV.uk.

The main red flag is the link on the message. The link is to an unexpected .com domain. You can infer this from a quick search online for the government website using a trusted search engine (such as Google). This shows that all UK government websites use the gov.uk web address. Therefore, this link is not from the government and is a Cyber Attack.


It is nearly impossible to prevent yourself from receiving these malicious messages, however, they are harmless without your interaction. For the Cyber attacker to gain any of your information you have to provide it, either by replying to the message, clicking links within the message or downloading and opening any attachments sent. Simply deleting the message prevents any harm to your personal information and your smartphone.


If you have further questions or would like to speak to one of our experts about security for your business please contact us here.