Skip to main content


Smishing (a combination of the words SMS (text message) and Phishing) is a scam where fraudsters send text messages to random mobile phones.  The text messages claim to come from a reputable organisation such as a bank, card issuer or a service provider e.g. a mobile phone company.

The message will typically ask you to click on a link to a website or to call a phone number in order to “verify”, “update” or to “reactivate” your account. The website link leads to a bogus website and the phone number leads to a fraudster pretending to be the legitimate company. The criminal attempts to get you to disclose personal, financial or security information, which will then be used to steal your money.

Similar to phishing, the messages often attempt to alarm you, claiming that urgent action is needed or it will have negative consequences.

Key Advice

  1. Do not respond to unsolicited text /SMS messages before independently validating that it is from the company it says it is from. You can do this by:
    • Looking up the organisation’s phone number (by using the phone book or their website) and make contact directly with them to validate.
    • Do not validate the texter using a phone number they have given you in the text (this could be a fake number)
  2. Do not click on a link, attachment or image that you receive in an unsolicited text without first verifying that the text is legitimate and that you understand what you are clicking on.
  3. Don’t be rushed. Take your time and make the appropriate checks before responding.
  4. Never respond to a text message that requests your 4 digit card PIN or your online banking password or any other password.
  5. If you think you might have responded to a smishing text message and provided your bank details, contact your bank immediately