How to Report SMS Phishing?
SMS phishing is rising. Here’s how to report it effectively, no matter your country or device. Learn how to forward smishing attempts and protect your data, whether you're in the UK, US, or elsewhere.
2024-10-18
'%3e%3cpath%20d='M4%204L15.733%2020H20L8.267%204H4Z'%20stroke='%230671C0'%20stroke-width='2'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3cpath%20d='M4%2020L10.768%2013.232M13.228%2010.772L20%204'%20stroke='%230671C0'%20stroke-width='2'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_8149_16006'%3e%3crect%20width='24'%20height='24'%20fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
'%3e%3cpath%20d='M5.37214%2023.8745H0.396429V8.10162H5.37214V23.8745ZM2.88161%205.95006C1.29054%205.95006%200%204.65279%200%203.08658C1.13882e-08%202.33427%200.303597%201.61278%200.844003%201.08082C1.38441%200.548853%202.11736%200.25%202.88161%200.25C3.64586%200.25%204.3788%200.548853%204.91921%201.08082C5.45962%201.61278%205.76321%202.33427%205.76321%203.08658C5.76321%204.65279%204.47214%205.95006%202.88161%205.95006ZM23.9946%2023.8745H19.0296V16.1963C19.0296%2014.3665%2018.9921%2012.0198%2016.4427%2012.0198C13.8557%2012.0198%2013.4593%2014.0079%2013.4593%2016.0645V23.8745H8.48893V8.10162H13.2611V10.2532H13.3307C13.995%209.01393%2015.6177%207.70611%2018.0386%207.70611C23.0743%207.70611%2024%2010.9704%2024%2015.2102V23.8745H23.9946Z'%20fill='%230671C0'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_3867_24588'%3e%3crect%20width='24'%20height='27'%20fill='%234A4D53'%20transform='translate(0%200.25)'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
'%3e%3cpath%20d='M13.957%2014.75L14.668%2010.0848H10.2225V7.05745C10.2225%205.78115%2010.8435%204.53707%2012.8345%204.53707H14.8555V0.565174C14.8555%200.565174%2013.0215%200.25%2011.268%200.25C7.60703%200.25%205.21403%202.48441%205.21403%206.52931V10.0848H1.14453V14.75H5.21403V26.0278H10.2225V14.75H13.957Z'%20fill='%230671C0'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_3867_24590'%3e%3crect%20width='16'%20height='25.7778'%20fill='%234A4D53'%20transform='translate(0%200.25)'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
SMS phishing or smishing is on the rise, and scammers are constantly adapting their methods. Whether it's an alarming message about your bank account or a fake delivery notification, smishing attacks try to trick you into clicking on malicious links or sharing sensitive information. But don’t worry—there are clear steps to take when you receive one of these fraudulent messages.
Here’s a breakdown of how to report SMS phishing, split by country and device to help you stay secure, wherever you are and whichever device you use.
What to Do When You Receive a Smishing Attempt
Before diving into country and device-specific guidelines, let’s quickly cover what everyone should do when they receive a suspicious SMS:
- Do not click any links or respond to the message.
- Do not provide any personal or financial information.
- Take a screenshot of the SMS for future reference.
- Report the message to your mobile carrier, relevant authorities, or your company’s security team.
- Delete the SMS once it has been reported.
How to Report SMS Phishing: Country Breakdown
United Kingdom (UK)
In the UK, reporting phishing SMS is quite straightforward:
- Forward the message to 7726 (SPAM), which is a free service provided by most UK mobile networks (EE, Vodafone, O2, Three).
- Alternatively, report the phishing attempt to the National Cyber Security Centre (NCSC) via their official website.
- If the message is pretending to be from your bank or a well-known company, contact them directly to inform them of the phishing attempt.
For more detailed information about combating SMS phishing, read our comprehensive Smishing guide.
United States (US)
In the US, you can report smishing attempts in several ways:
- Forward the message to 7726 (SPAM) for major mobile carriers like AT&T, Verizon, and T-Mobile.
- Report the phishing attempt to the Federal Trade Commission (FTC) via their website, which collects data on scams for broader consumer protection.
- Some phishing attempts may involve financial fraud. If so, report the incident to the FBI's Internet Crime Complaint Center (IC3).
Canada
For Canadian users:
- Forward the message to 7726 (SPAM) for all major Canadian carriers.
- Report the incident to the Canadian Anti-Fraud Centre via their website or by phone.
Many scams in Canada are also reported through provincial law enforcement, so check with your local police service.
Australia
In Australia, here's what to do if you encounter a phishing SMS:
- Forward the message to 0429 999 888 provided by the Australian Communications and Media Authority (ACMA).
- Report it to the Australian Cyber Security Centre (ACSC) through their Scamwatch platform.
In Australia, large-scale smishing campaigns may also be reported directly to your bank or company.
European Union (EU)
Different EU countries may have specific reporting mechanisms, but in most cases:
Forward the message to 7726 (SPAM) in countries like France, Germany, and Spain.
Use official national cyber security resources, such as Cybersecurity Incident Response Teams (CSIRTs), to report more advanced or harmful phishing campaigns.
Your local mobile provider can often help in redirecting reports to the appropriate authorities.
Reporting SMS Phishing Based on Devices
iOS Devices (iPhone and iPad)
If you're using an iPhone or iPad, Apple makes it easy to report phishing messages:
- Screenshot the message to keep a record of it.
- Forward the message to 7726 (SPAM).
- Block the number that sent the message: go to the SMS, tap the contact at the top, then select "Block this Caller."
- Report the message to Apple by forwarding it to reportphishing@apple.com.
- Use Apple’s support page for further steps if you suspect a data breach or security issue.
Android Devices
On Android devices, reporting SMS phishing is just as straightforward:
- Screenshot the message.
- Forward the message to 7726 (SPAM).
- Use Android’s built-in tools: open the SMS app, tap and hold the message, and select "Report Spam" or "Block." This sends the report to Google and helps block further phishing attempts.
- If the phishing attempt is linked to a well-known app or company, report it to the Google Play Protect team via the Play Store.
Report SMS Phishing to Communities
Keepnet
One of the most effective ways to combat phishing and smishing is through community-driven threat intelligence. Keepnet provides a unique Threat Sharing Platform that allows organizations to collaborate on identifying and stopping phishing attacks. By contributing to a shared database of phishing threats, businesses can quickly detect new phishing tactics and apply preventive measures.
Keepnet offers an SMS phishing simulator and security awareness training product to help companies train employees to recognize smishing attempts. These tools also gather data on phishing trends and help inform the larger community about emerging threats, making it easier to defend against phishing collectively.
Other Cybersecurity Communities
In addition to Keepnet Labs, there are several cybersecurity communities and platforms where you can report SMS phishing to help spread awareness and prevent further attacks:
- Anti-Phishing Working Group (APWG): A global coalition of institutions, corporations, and government entities working to combat phishing, smishing, and other cybercrimes. You can report phishing attacks and participate in discussions on the latest threats.
- Scamwatch (Australia): Managed by the Australian Competition and Consumer Commission (ACCC), Scamwatch collects information on phishing attacks, fraud, and smishing campaigns and shares them with the public.
- National Cyber Security Centre (NCSC) (UK): The NCSC encourages businesses and individuals to report phishing attempts, including smishing. It also provides resources on how to handle such attacks and protect your devices.
- Fraud.org (US): A project of the National Consumers League, Fraud.org allows users to report various fraud attempts, including SMS phishing. These reports help identify large-scale phishing campaigns.
By reporting phishing to these communities, you contribute to a collective defense strategy that helps everyone stay secure. Communities like these gather threat intelligence, share insights across organizations, and foster a more collaborative approach to cybersecurity.
Why Reporting SMS Phishing is Important
Reporting SMS phishing is not just about protecting yourself—it's about helping to create a safer digital environment for everyone. When you report a phishing attempt, you contribute valuable data that allows authorities, telecom companies, and cybersecurity teams to track, analyze, and shut down phishing operations more effectively. These reports help identify trends, discover new tactics, and prevent other people from falling victim to the same scams.
In 2024, the UK has seen a significant rise in various types of phishing attacks, including smishing (SMS phishing), quishing (QR code phishing), and voice phishing. This increase highlights the urgency of regular reporting. With phishing tactics evolving constantly, timely reports give organizations the insight they need to stay ahead of attackers. Moreover, your reports can trigger public alerts and help strengthen network filters, reducing the spread of malicious links and fake messages.
By taking the time to report a phishing attempt, you’re actively contributing to the fight against cybercrime, helping both individuals and organizations avoid costly breaches, data theft, and financial loss. The more reports authorities receive, the better equipped they are to dismantle phishing networks and protect the broader community from future attacks.
Get Smishing Awareness Training with Keepnet
For businesses, cybersecurity awareness training can boost organizations’ defenses by up to 92%. Incorporating smishing simulations and ongoing security awareness programs are great ways to minimize human error, a key entry point for attackers.
Get a free trial of our phishing simulation tool or request a personalized demo today to protect your company from smishing and other threats. Empower your employees to identify and report SMS phishing attempts like a pro!
SHARE ON