How to Avoid SMS Phishing Scams

SMS phishing overtime has become very common, in fact research by Ofcom suggests that 7 in 10 people receive a text message scam. BDCU is here to help to provide you with useful money tips and how to beware of such scams!

What is SMS phishing?

This is when SMS text messages are used by cybercriminals to gain financial or personal data from you.

This SMS pretends to be from a reputable website or service provider, asking you to enter bank account details, or card information or even downloading malware onto your phone. Some services they often imitate are Royal Mail, Three, Apple accounts, and Sky. Also be aware that they can imitate your banking provider and you should always login to your bank directly, rather than follow the link.

Type of SMS phishing

Cybercriminals can try these scams in different ways like:

Credit card verification – these are fake texts sent by cybercriminals impersonating to be reputable credit card providers. The text might include them asking you to confirm a recent transaction by replying or clicking a link to enter your details.

Text charges – replying to a text from whoever a cybercriminal claims to be, can lead to you being charged a high SMS rate. Furthermore, you can potentially end up subscribed to automatic ongoing charges.

Competitions – you could receive a text from someone pretending to be a reputable company to join a competition. The text can include them wanting you to sign up or collect your reward by entering your personal information.

How to protect yourself from SMS phishing

Reduce the possibility of becoming a SMS phishing victim by:

  • Avoid replying to texts you don’t recognise. You can check if the number is legitimate by googling the number and checking if you will be charged for replying by contacting your mobile provider.
  • Avoid clicking on hyperlinks that are in the text or require you to enter sensitive details. Always go to the original company and login to their website or app to be sure you are not being scammed.
  • Remember a genuine company would not ask for sensitive data through text message. This includes your utility provider and especially your bank. These companies will never ask for sensitive details such as your financial, personal, and login data by text.
  • Fraudsters can imitate two-factor authentication code texts. Be careful whilst entering a two-factor authentication code into a website along with your login information.
  • Ensure your web filter alerts are on to make you aware of potential fraudulent content if directed to a website.
  • Another form of this scam is ‘Smishing‘ which comes to you via messenger services such as Whatsapp and Facebook, so beware of this.

How to get help:

If you are or suspect that may be a victim of SMS phishing, here are ways to get some help:

  • Replace your credit and debit cards by contacting your bank
  • Report a suspected text which you think is a scam by informing National Cyber Security Centre. You can forward it to 7726. If your provider is part of the scheme, the text will be investigated by them, and If it is a fraudulent text, they will block or ban the sender. If 7726 does not support your provider, contact your provider to find out how to report suspicious activity.
  • Report to the major fraud and cybercrime centre in the UK, Action Fraud.


The Credit Union runs a number of financial inclusion projects including ‘Money SOS’ workshops, Money tipsLoansFoodSavers, and UniformSavers. All are making a real impact on people’s lives. Give them a look!loan