Smishing attack tells you “mobile payment problem” – don’t fall for it! – Naked Security

As we’ve warned before, phishing via SMS, or smishing for short, is still popular with cybercriminals.

Sure, old-fashioned text messages have fallen out of favour for personal communications, superseded round the world by instant messaging apps such as WhatsApp, WeChat, Instagram, Telegram and Signal.

But for brief, one-off business communications such as “Your home delivery will arrive at 11:30 today” or “Your one-time login code is 217828”, SMS is still a popular and useful messaging system.

That’s because pretty much every mobile phone in the world can receive text messages, regardless of its age, feature set or ability to access the internet.

Even if you’ve got no credit to send messages or make calls, no third-party apps installed, and no Wi-Fi connectivity, SMSes sent to you will still show up.

Such as this one, fraudulently claiming to be from UK mobile phone provider O2:

(O2): We haven't received your recent bill payment, please update your details at to avoid additional fees

As it happened, the UK reader who kindly sent in this sample (use if you have anything you’d like to share, by the way) wasn’t an O2 subscriber, so the message was obviously phoney in any case.

But O2 is one of the UK’s “big four” providers, with a market share of around 25%, giving the crooks in this case a 1-in-4 hit rate on purely random grounds.

Additionally, the first few digits of a UK mobile number are determined by the network that first issued it.

So, for any user who hasn’t switched networks, or who dumped their old number when switching to a new SIM card, their current network provider can be deduced correctly anyway.