A member of our leadership team received a SMiShing (SMS Phishing) message that appeared to be from the Royal Mail, and almost clicked it.

Phishing scams, including SMiShing attacks, are one of the most common ways threat actors attempt to steal personal information, which threatens the security of both individuals and organisations. Read on to hear how one of our team almost fell for a recent SMiShing attack, in our real life SMiShing attack example.

The SMiShing attack

Below, you can see the SMiShing text that was sent to one of our leadership team members.

SMiShing Attack Example - Rootshell Security

It reads: “Royal Mail: Your Package Has A £2.99 Unpaid Shipping Fee, Pay Now at royalmail-scheduled-delivery.com, If not paid a return to sender will be requested.”

Clicking the link takes the recipient to a very convincing fake mobile site.