Safety Tips 6 min read

How to Spot Scam Text Messages (Smishing)

"Your package couldn't be delivered." "Pay your toll to avoid a fine." "Your account has been locked." These texts are everywhere - and most of them are scams. Here's how to tell.

Smishing Red Flags

  • Smishing = SMS + Phishing - scam texts pretending to be from real companies
  • Common lures: delivery failures, toll fines, bank alerts, tax refunds
  • Never click links in unexpected texts - go to the official website directly
  • Check the domain before clicking - auspost-delivery.com is NOT auspost.com.au
  • Report scam texts by forwarding to 7226 (SPAM) in Australia

What is Smishing?

Smishing = SMS + Phishing. It's when scammers send text messages pretending to be legitimate companies, hoping you'll click a link or call a number that leads to theft.

Smishing has exploded in recent years because:

  • People trust text messages more than emails
  • Text messages have higher open rates (98% vs 20% for email)
  • Mobile screens make it harder to spot suspicious links
  • People often respond quickly to texts without thinking

The Most Common Scam Texts

📦

Delivery Notification Scams

"AusPost: Your package could not be delivered. Please confirm your address: auspost-redelivery.com/track"

Why it works: Everyone orders online. You might actually be expecting a package.

Red flag: The link isn't to auspost.com.au - it's a lookalike domain.

🚗

Toll Payment Scams

"Linkt: You have an unpaid toll of $4.15. Pay now to avoid $75 fine: linkt-payment.com/pay"

Why it works: Small amount feels real. Fear of fines creates urgency.

Red flag: Toll companies send physical letters or use their official app, not random texts.

🏦

Bank Alert Scams

"CommBank: Unusual activity detected on your account. Verify now to prevent suspension: commbank-verify.com"

Why it works: Fear of losing access to your money.

Red flag: Banks will never ask you to click a link to verify. Log in directly through their app.

💰

Tax/Government Scams

"myGov: You have a tax refund of $847.50 pending. Claim within 24hrs: mygov-refund.net/claim"

Why it works: Everyone wants free money. Time pressure prevents thinking.

Red flag: Tax refunds go directly to your bank account. Government never texts with links.

🎁

Prize/Gift Card Scams

"Congrats! You've won a $500 Woolworths gift card. Claim here before it expires: woolies-rewards.com/winner"

Why it works: Who doesn't want free stuff?

Red flag: If you didn't enter a competition, you didn't win. It's that simple.

5 Signs a Text is a Scam

1

Urgency or threats

"Act now," "24 hours," "avoid penalty" - scammers want you panicked, not thinking.

2

Suspicious links

Look at the actual domain. Is it the real company website or a lookalike?

3

Too good to be true

Free money, prizes, or refunds you didn't expect = almost always a scam.

4

Generic greeting

Real companies know your name. "Dear customer" or no greeting = suspicious.

5

Unexpected contact

You didn't order anything? Didn't sign up? Didn't request anything? Be suspicious.

What To Do When You Get a Suspicious Text

The Golden Rule

Never click links in text messages. If it might be real, go to the company's website directly (type it yourself) or use their official app.

Safe Steps:

  • Don't click - Even to "see what it is." Links can install malware.
  • Don't reply - Even "STOP" confirms your number is active.
  • Check the domain - Use TrustNope to verify if the link is legit.
  • Go direct - Open the company's app or type their URL manually.
  • Report it - Forward to 7226 (SCAM) in Australia or report to Scamwatch.
  • Block and delete - Don't let it sit in your messages.

Already Clicked? Here's What To Do

If you clicked a link:

  • Don't enter any information - Close the page immediately
  • Run a security scan - Use your phone's built-in security features
  • Change passwords - If you entered any credentials, change them now
  • Enable 2FA - Add two-factor authentication to important accounts
  • Monitor your accounts - Watch for unauthorized transactions
  • Contact your bank - If you entered financial info, call them immediately

Check Links Before You Click

Got a text with a link and you're not sure if it's real? Copy the domain (the part after https:// and before the first /) and check it on TrustNope.

We'll tell you:

  • Is it a lookalike domain? - We detect typosquatting and brand impersonation
  • How old is the domain? - Scam sites are often brand new
  • Is it on blocklists? - We check known scam databases
  • Does it have proper security? - SSL, security headers, and more

Suspicious Link? Check It First.

Copy the domain from any suspicious text and check it for free on TrustNope.

Check a Domain Now