Top tips for protecting yourself against rising SMS phishing tactics

According to Will Evans, director at Performance Networks, the prevalence of SMS phishing – or rather smishing – is one of those newer approaches individuals and businesses need to be wary of. A report released towards the end of 2021 showed that 73% of the UK’s companies suffered data breaches that stemmed from phishing within the past year.

There are well-known and published lists of number ranges that a hacker can go through. There’s no protection against that, or from someone just guessing a phone number.

Mobile Networks have number ranges and, from there, a hacker can just make their way up the list. It’s an easy tactic and doesn’t take a lot of effort, especially when the message being pumped out has the potential to resonate with anyone.

Despite its prevalence, there’s not enough being done to educate employees within businesses because right now, smishing is much more a consumer issue than it is a business one. However, it is fully expected that this will change in the future.

Performance Networks give their top tips on protecting yourself below.

Educate on the issue

When we’re talking about protection, the first place to start is education.

Despite how prominent phishing and smishing is, the latest data shows that only one in five businesses deliver phishing training to their employees once per year.

The advancements in technology mean phishing can be made to look almost authentic and while we will review some of the best forms of protection out there right now, awareness and knowing what to look out for when it comes to phishing and smishing activity is key.


Identification is at the core of that. Being able to identify what is real and what isn’t.

Key giveaways

The best advice we can give is to think about the context those messages have come in and act accordingly.

Is the website you’re clicking through to Royal Mail or is it, in fact, just a lookalike designed to snare your details. The sender is a key giveaway as well. When you tap on the contact, is it your colleague’s email or one you’ve never seen before.

With smishing text messages, the distinction is harder to make. Typically, you’ll get a link and it could be shortened to disguise where it is going.

Report phishing attempts 

Rather than breathing a sigh of relief and moving on after swerving a phishing attempt, it’s important to report them.

The best location to do so is via the National Cyber Security Centre website.

The Government operates a 7726 text service that enables people to report spam texts for free, while

Which? launched its own scam reporter tool in March.

Mobile security protection methods

Internet security protection on your mobile phone is the single-best protection against smishing.

When it comes to SMS, the single-best protection is by having internet security on your phone. Small disclaimer: that internet security won’t pick up everything, but it is a vital layer.

The first place to start is with mobile security apps. They are, somewhat, effective on mobile phones, less so on iOS because of how Apple’s operating system is set up. There are anti-virus apps that sit in the background and monitor your internet activity. 

That sounds scarier than what it actually is – considering how the importance of privacy has grown recently. However, all it does is check the reputation of the links you’re clicking on or DNS requests that you’re making and will flag whether something looks suspicious. Lookout is a good example of that software. Bitdefender has an app, too.

Good account hygiene, like two-factor authentication, is a big part of that. For businesses, they can have a centrally-managed two-factor authentication. Performance Networks do something called Duo, which is a great tool for managing 2FA across your business and keeping it streamlined.

While SMS is growing, we can’t discount email. We live in a world where scammers and criminals are using several different tactics depending on the data they’re trying to get, a blend of both SMS and email in a frighteningly convincing way.

As a user, we’re required to have a multi-layered security approach – one that incorporates up to date education but also investment in software across our digital devices to ensure you, your business, or your staff, don’t fall foul of these tactics.