Is this text a scam?
UK smishing follows a small set of repeating templates — Royal Mail redelivery, HMRC rebate, bank security alert. Spot the patterns, paste into Safety Check, forward to 7726.
Free download. iOS & Android. UK-first.
A text message is likely a scam (smishing) if the sender is a long mobile number pretending to be a brand, the link goes to a lookalike or shortened URL, the message creates urgency or threatens an account, demands an unexpected fee, or asks for a one-time code or card details. Paste the text body or the link into SilentID Safety Check in the app — 3 free checks per day, no signup. Forward UK scam texts to 7726 (free on all major networks).
Why UK smishing has exploded
UK mobile numbers are scraped, leaked and dialled at industrial scale. UK Finance puts annual UK fraud losses at over £2.7 billion, with smishing now a leading entry point for both card-not-present fraud and authorised push payment (APP) fraud. Mobile UK’s 7726 service — the free number that spells SPAM on a keypad — receives millions of forwarded scam texts a year and feeds the take-down pipeline (Source: Mobile UK).
The good news: UK smishing relies on a tiny set of recurring templates. Once you know them, you can spot most at a glance.
How to check a suspicious text in the SilentID app
- 01
Don't tap the link
Just receiving the text is harmless. Tapping is the danger zone — it opens the phishing page.
- 02
Long-press to copy the text body or link
On iOS and Android, long-press the message → Copy. Or copy just the URL.
- 03
Paste into SilentID Safety Check
Open the SilentID app, tap Safety Check, paste. The check screens sender pattern, link reputation, brand-impersonation and smishing-template matches.
- 04
Forward the text to 7726
Once verified as scam, forward the original text to 7726 — free on all UK networks. The networks use it to block the sender and take down the page. Then delete.
7 smishing signals — UK 2026
The patterns Action Fraud, NCSC and the UK mobile networks see most often. Two or more usually means delete-and-report.
Sender ID looks like a brand but it is a number
Genuine UK brands (banks, Royal Mail, NHS, HMRC) usually send from a registered short-code or alphanumeric sender ID. A long mobile number pretending to be them is a clear smishing tell.
Link uses an unusual or shortened URL
bit.ly, tinyurl, lookalike domains (royalmail-uk.top, hmrc-rebate.shop), Punycode, or random characters. Real Royal Mail / DPD / HMRC links live on royalmail.com, dpd.co.uk and gov.uk only.
Urgency, deadline or threat
"Last chance", "Within 24 hours", "Account will be closed", "Parcel will be returned". Pressure is the entire point of smishing — slow down.
Unexpected fee or surcharge
"£2.99 redelivery surcharge", "£1.99 customs charge". Royal Mail and other UK couriers don't collect surcharges by SMS link. Customs charges go via post or the courier's app, not text.
Asks for one-time code, password or full card details
No legitimate UK bank, retailer, courier or government department will ever text you asking for a one-time code, account password or full card number. Action Fraud lists this as the single clearest smishing tell.
Generic greeting and missing personal details
"Hi", "Dear customer", "Mr/Ms" with no surname. Real UK delivery firms reference your tracking number; real banks reference the last four of your card.
Number you do not recognise — and you weren't expecting a message
An out-of-the-blue text about a delivery you didn't order, a tax refund you didn't claim, a fine you didn't incur. If you didn't ask for it, don't click.
Common UK smishing templates
Royal Mail / DPD redelivery surcharge
“Royal Mail: a £2.99 surcharge is required to release your parcel. Pay here: royalmail-redelivery.top/pay”. Royal Mail and DPD do not request surcharges by SMS link. If a parcel really does need a fee, it’s collected by post or in the courier’s own app — never via a random link.
HMRC tax rebate
“HMRC: you are owed a refund of £247.50. Click to claim before [date].” Genuine HMRC never texts about rebates. Refunds arrive via your Government Gateway account or by post, never via an SMS link.
Bank security alert
“Your bank has detected suspicious activity. Tap here to verify.” The link goes to a lookalike of your bank’s login page. If genuinely concerned, call the number on the back of your card — never the number in the text.
NHS / NHS Covid pass
Variants impersonate the NHS app or the Covid Pass to harvest personal details. The NHS does not text links to verify identity. Use the official NHS app, downloaded from the App Store or Play Store.
How to report a scam text in the UK
- Forward the text to 7726 — free, all UK networks. Spells SPAM on a keypad.
- Report to Action Fraud via actionfraud.police.uk or 0300 123 2040 if you’ve clicked, paid or shared details.
- Tell your bank’s fraud team immediately if money has left your account.
- Generate a PDF evidence pack in SilentID Pro for Action Fraud and bank claims.
UK smishing & fraud — the numbers
Related guides
Frequently asked questions
Check the text before you click
Download SilentID — paste any suspicious text body or link into Safety Check. 3 free checks per day, no signup.
100% passwordless. UK-based. GDPR-native.
·
Reviewed by the SilentID editorial team. We update each guide quarterly with new UK fraud data.