How to Report SMS Phishing?

SMS phishing is rising. Here’s how to report it effectively, no matter your country or device. Learn how to forward smishing attempts and protect your data, whether you're in the UK, US, or elsewhere.

2024-10-18

SMS phishing or smishing is on the rise, and scammers are constantly adapting their methods. Whether it's an alarming message about your bank account or a fake delivery notification, smishing attacks try to trick you into clicking on malicious links or sharing sensitive information. But don’t worry—there are clear steps to take when you receive one of these fraudulent messages.

Here’s a breakdown of how to report SMS phishing, split by country and device to help you stay secure, wherever you are and whichever device you use.

What to Do When You Receive a Smishing Attempt

Before diving into country and device-specific guidelines, let’s quickly cover what everyone should do when they receive a suspicious SMS:

Do not click any links or respond to the message.
Do not provide any personal or financial information.
Take a screenshot of the SMS for future reference.
Report the message to your mobile carrier, relevant authorities, or your company’s security team.
Delete the SMS once it has been reported.

How to Report SMS Phishing: Country Breakdown

United Kingdom (UK)

In the UK, reporting phishing SMS is quite straightforward:

Forward the message to 7726 (SPAM), which is a free service provided by most UK mobile networks (EE, Vodafone, O2, Three).
Alternatively, report the phishing attempt to the National Cyber Security Centre (NCSC) via their official website.
If the message is pretending to be from your bank or a well-known company, contact them directly to inform them of the phishing attempt.

For more detailed information about combating SMS phishing, read our comprehensive Smishing guide.

United States (US)

In the US, you can report smishing attempts in several ways:

Forward the message to 7726 (SPAM) for major mobile carriers like AT&T, Verizon, and T-Mobile.
Report the phishing attempt to the Federal Trade Commission (FTC) via their website, which collects data on scams for broader consumer protection.
Some phishing attempts may involve financial fraud. If so, report the incident to the FBI's Internet Crime Complaint Center (IC3).

Canada

For Canadian users:

Forward the message to 7726 (SPAM) for all major Canadian carriers.
Report the incident to the Canadian Anti-Fraud Centre via their website or by phone.

Many scams in Canada are also reported through provincial law enforcement, so check with your local police service.

Australia

In Australia, here's what to do if you encounter a phishing SMS:

Forward the message to 0429 999 888 provided by the Australian Communications and Media Authority (ACMA).
Report it to the Australian Cyber Security Centre (ACSC) through their Scamwatch platform.

In Australia, large-scale smishing campaigns may also be reported directly to your bank or company.

European Union (EU)

Different EU countries may have specific reporting mechanisms, but in most cases:

Forward the message to 7726 (SPAM) in countries like France, Germany, and Spain.

Use official national cyber security resources, such as Cybersecurity Incident Response Teams (CSIRTs), to report more advanced or harmful phishing campaigns.

Your local mobile provider can often help in redirecting reports to the appropriate authorities.

Reporting SMS Phishing Based on Devices

iOS Devices (iPhone and iPad)

If you're using an iPhone or iPad, Apple makes it easy to report phishing messages:

Screenshot the message to keep a record of it.
Forward the message to 7726 (SPAM).
Block the number that sent the message: go to the SMS, tap the contact at the top, then select "Block this Caller."
Report the message to Apple by forwarding it to reportphishing@apple.com.
Use Apple’s support page for further steps if you suspect a data breach or security issue.

Android Devices

On Android devices, reporting SMS phishing is just as straightforward:

Screenshot the message.
Forward the message to 7726 (SPAM).
Use Android’s built-in tools: open the SMS app, tap and hold the message, and select "Report Spam" or "Block." This sends the report to Google and helps block further phishing attempts.
If the phishing attempt is linked to a well-known app or company, report it to the Google Play Protect team via the Play Store.

Report SMS Phishing to Communities

Keepnet

One of the most effective ways to combat phishing and smishing is through community-driven threat intelligence. Keepnet provides a unique Threat Sharing Platform that allows organizations to collaborate on identifying and stopping phishing attacks. By contributing to a shared database of phishing threats, businesses can quickly detect new phishing tactics and apply preventive measures.

Keepnet offers an SMS phishing simulator and security awareness training product to help companies train employees to recognize smishing attempts. These tools also gather data on phishing trends and help inform the larger community about emerging threats, making it easier to defend against phishing collectively.

Other Cybersecurity Communities

In addition to Keepnet Labs, there are several cybersecurity communities and platforms where you can report SMS phishing to help spread awareness and prevent further attacks:

Anti-Phishing Working Group (APWG): A global coalition of institutions, corporations, and government entities working to combat phishing, smishing, and other cybercrimes. You can report phishing attacks and participate in discussions on the latest threats.
Scamwatch (Australia): Managed by the Australian Competition and Consumer Commission (ACCC), Scamwatch collects information on phishing attacks, fraud, and smishing campaigns and shares them with the public.
National Cyber Security Centre (NCSC) (UK): The NCSC encourages businesses and individuals to report phishing attempts, including smishing. It also provides resources on how to handle such attacks and protect your devices.
Fraud.org (US): A project of the National Consumers League, Fraud.org allows users to report various fraud attempts, including SMS phishing. These reports help identify large-scale phishing campaigns.

By reporting phishing to these communities, you contribute to a collective defense strategy that helps everyone stay secure. Communities like these gather threat intelligence, share insights across organizations, and foster a more collaborative approach to cybersecurity.

Why Reporting SMS Phishing is Important

Reporting SMS phishing is not just about protecting yourself—it's about helping to create a safer digital environment for everyone. When you report a phishing attempt, you contribute valuable data that allows authorities, telecom companies, and cybersecurity teams to track, analyze, and shut down phishing operations more effectively. These reports help identify trends, discover new tactics, and prevent other people from falling victim to the same scams.

In 2024, the UK has seen a significant rise in various types of phishing attacks, including smishing (SMS phishing), quishing (QR code phishing), and voice phishing. This increase highlights the urgency of regular reporting. With phishing tactics evolving constantly, timely reports give organizations the insight they need to stay ahead of attackers. Moreover, your reports can trigger public alerts and help strengthen network filters, reducing the spread of malicious links and fake messages.

By taking the time to report a phishing attempt, you’re actively contributing to the fight against cybercrime, helping both individuals and organizations avoid costly breaches, data theft, and financial loss. The more reports authorities receive, the better equipped they are to dismantle phishing networks and protect the broader community from future attacks.

Get Smishing Awareness Training with Keepnet

For businesses, cybersecurity awareness training can boost organizations’ defenses by up to 92%. Incorporating smishing simulations and ongoing security awareness programs are great ways to minimize human error, a key entry point for attackers.

Get a free trial of our phishing simulation tool or request a personalized demo today to protect your company from smishing and other threats. Empower your employees to identify and report SMS phishing attempts like a pro!

Schedule your 30-minute private demo now.

You'll learn how to:

Protect your business from evolving threats like smishing, quishing, and vishing, lowering phishing attack success rates by up to 80%.

Integrate threat intelligence sharing to stay ahead of phishing trends, improving threat detection by up to 70%.

Automate incident response to minimize the impact of phishing attacks, reducing response time.

Frequently Asked Questions

1. What is SMS phishing, and how does it work?

SMS phishing, or smishing, is a type of phishing attack that uses text messages to trick recipients into clicking malicious links or sharing sensitive information. Cybercriminals typically impersonate trusted entities, like banks or delivery services, to create a sense of urgency and prompt users to act quickly.

2. How can I recognize an SMS phishing attempt?

SMS phishing messages often include urgent language, unknown or suspicious links, and requests for sensitive information like passwords or bank details. You may also notice poor grammar, strange URLs, or messages from unknown senders. Always be wary of unsolicited texts asking for personal information.

3. What should I do if I accidentally click on a phishing link in an SMS?

If you accidentally click on a link in a smishing message, do not enter any personal information. Immediately disconnect from Wi-Fi or mobile data, scan your device with antivirus software, and change any passwords you believe may be compromised. It's also a good idea to report the incident to your mobile provider and monitor your accounts for any unusual activity.

4. How do scammers get my phone number for SMS phishing?

Scammers can acquire phone numbers through data breaches, online directories, or social media. In some cases, they use random number generators to send smishing messages to a large group of potential victims. Protect your phone number by being cautious about where you share it online and using privacy settings on social media platforms.

5. Can I block SMS phishing numbers on my phone?

Yes, most smartphones allow you to block numbers that send suspicious or phishing messages. On both iOS and Android, you can block a number directly from the messaging app by selecting the message, tapping the options menu, and choosing "Block." Keep in mind that scammers often use different numbers, so it's important to remain vigilant.

6. How can businesses protect their employees from SMS phishing?

Businesses can protect employees from smishing by providing cybersecurity awareness training and using phishing simulations to educate staff on recognizing phishing attempts. Tools like Keepnet Labs’ phishing simulators help companies test their employees and ensure they know how to handle phishing threats.

7. Is there any specific software that can protect against SMS phishing?

Yes, there are several anti-phishing tools and security apps that help protect against SMS phishing. Applications like antivirus software and mobile security apps, such as Google Play Protect for Android and Apple's built-in security features, can block malicious links and flag suspicious messages. For businesses, tools like Keepnet Labs’ Threat Sharing Module offer added layers of security.

8. What legal actions can be taken against SMS phishing scams?

In many countries, SMS phishing is a crime, and victims can report incidents to local law enforcement or national authorities. Agencies like the Federal Trade Commission (FTC) in the US, the NCSC in the UK, and the ACCC in Australia investigate phishing schemes and take legal action against cybercriminals.

9. Can SMS phishing lead to identity theft?

Yes, smishing can result in identity theft if a victim provides personal or financial information to scammers. Cybercriminals can use the stolen data to access bank accounts, open credit cards, or make fraudulent purchases in the victim's name. It’s essential to report any data breaches or phishing incidents to the authorities to minimize the risk of identity theft.

10. What steps should I take to prevent SMS phishing attacks in the future?

To prevent future SMS phishing attacks, follow these best practices:

Enable two-factor authentication (2FA) for your accounts.
Be cautious about sharing your phone number online.
Install mobile security apps that detect phishing attempts.
Educate yourself and others about recognizing phishing scams through cybersecurity training programs.
Always verify suspicious messages by contacting the company or sender directly using official communication channels.