What Is Smishing? How to Report Phishing Text Messages

Text messages catch people when they are busy, distracted, or already half-expecting a delivery, an OTP, or some kind of account alert. It takes about two seconds to read, and that is exactly why these scams work. 

Imagine this: you get a text saying your parcel could not be delivered. 

Or your bank needs you to confirm a payment. 

Or HMRC owes you a refund, but only if you tap the link now. 

The UK police warned in 2025 that criminals are using “SMS blasters” to send scam texts to nearby phones without needing the victim’s number, while a 2025 study of 1.35 million reports sent to 7726 found that text messages made up the vast majority of user reports and that a large share of unique texts were outright scam messages. 

This guide breaks it down plainly. 

We’ll cover what smishing is, what phishing text messages usually look like, how to report them in the UK, what to do if you already clicked, and how to make it less likely you will get caught out next time. 

What is Smishing? 

Smishing is phishing done by text message. It is a scam where a criminal sends an SMS or mobile message designed to trick you into clicking a link, calling a number, downloading something, or handing over personal or financial information.  

The word is just a blend of SMS and phishing. 

The goal is usually the same as email phishing: steal your logins, bank details, card information, or enough personal information to scam you later. 

What makes smishing especially effective is the phone itself. Links are shorter, screens are smaller, and people tend to trust texts more than random emails. 

In real life, a smishing scam usually pretends to be one of a few familiar things: 

• a missed delivery notice  
• a bank fraud check  
• a tax refund or government payment  
• a parking, toll, or fine alert  
• a “wrong number” message that tries to start a conversation  

That last one catches people off guard. 

The same 2025 study found that “wrong number” scams were the most popular scam type in the sample they classified. 

In other words, not every smishing text looks like a fake bank or delivery message anymore. Some are designed to feel casual first, dangerous later.  

What Phishing Text Messages Look Like? 

Most phishing text messages try to create urgency, pressure, or curiosity. If a message wants you to act fast, feel worried, or click without thinking, that is already a red flag. Here are the most common signs: 

The text asks you to click a link immediately 

The text says your parcel is delayed, your bank account is at risk, or your refund is waiting, and there is a link right there ready to tap. 

The whole design is built around speed. The scam only works if you react before you slow down and think.  

It pushes panic or urgency 

They say things like “respond now,” “account suspended,” “payment failed,” or “refund expires today.” 

Pressure tactics are one of the clearest warning signs, and UK fraud experts made the same point about phishing links sent by text.  

The text tells you to call or reply to a number in the message 

A good rule is simple: do not call the number inside the text. If the message claims to be from your bank, delivery firm, or mobile provider, go through the official app, website, or card on the back of your bank card instead. 

Contact your financial institution through official channels rather than numbers sent in the message. 

It looks almost right, but not quite 

Sometimes the wording is odd. Sometimes the sender name feels generic. Sometimes the link looks slightly off. 

And sometimes it looks completely convincing. 

That is the uncomfortable part. SMS blasters let criminals control the whole message and make it look like it came from a genuine organisation. 

So “it looked real” is no longer proof that it was safe. 

How to Report Phishing Text Messages in the UK? 

If you get a phishing text message in the UK, the simplest first step is to forward it to 7726. That helps your mobile provider investigate the number and block similar scam messages. Here is the practical order to follow: 

• Do not click, reply, or call back 

Pause first. 

Do not tap the link “just to check.” Do not call the number in the message. Do not reply YES, NO, STOP, or anything else. The safest move is no engagement at all.  

• Forward the text to 7726 

This is the UK’s standard reporting route for suspicious text messages. 

7726 is a free reporting service, and suspicious texts can be forwarded there for investigation. 

• Block the sender 

Once you have forwarded it, block the number or sender if your phone allows it. 

This will not stop every scam text, but it reduces repeated contact from the same source and makes the message easier to move on from.  

• If it impersonates your bank or a real company, contact them through official channels 

Use the official app, website, or verified phone number. 

Not the one in the message. 

This is one of the most important habits in the whole article. It is also one of the clearest pieces of advice in bank scam coverage: always go to the institution yourself, rather than letting the suspicious text direct the conversation.  

What to Do if You Already Clicked a Link? 

If you already clicked a smishing link, act quickly rather than panicking. The first priorities are to protect your money, secure the affected account, and stop using the scam message as your source of information.  

Start with the most urgent thing. 

If you entered bank or card details, contact your bank immediately 

Do not wait to “see what happens.” 

If you fall for one, alert your bank straight away and get help stopping further money leaving the account. Monitor the account closely afterwards for anything unusual.  

If you entered a password, change it 

Change the password for that account immediately. 

Then change it anywhere else you reused it. Broader cybersecurity advice on compromised accounts consistently recommends fast password changes and unique passwords, especially when the attacker may already have captured login details.  

Use official websites and apps only from that point on 

Do not go back through the text. 

If you need to check your bank, delivery account, or mobile provider, open the official app yourself or type the official website manually. That breaks the scammer’s control of the situation.  

Keep an eye on follow-up scams 

This is the part many people miss. 

Once someone has clicked once, scammers may follow up with calls, emails, or more texts pretending to “help.” Be extra suspicious of any contact that comes after the first message, especially if it asks for more information or tries to rush you again.  

Conclusion 

To wrap up, smishing is just phishing by text but because it lands on the device you use all day, it can feel more believable and more urgent than an email. That is exactly why it works. 

The best protection is not technical genius. It is a simple routine: slow down, do not tap the link, forward the text to 7726, and go through the official app, site, or bank number yourself. 

UK police, fraud experts, and reporting data all point in the same direction: scam texts are still getting through, and they are getting better at looking normal.  

That said, once you know the pattern, they become much easier to spot. 

And that one habit: verifying independently instead of trusting the message is often the difference between a nuisance and a real loss.