Smishing: How fake texts can trick your team

Posted on May 9, 2025 by Louise Howland
Cybercriminals are constantly evolving their tactics, and one of the growing threats organisations face is the rise of WhatsApp and text message phishing scams, known as smishing. While smishing itself is not new, the level of sophistication attackers are now achieving is a serious concern. These scams often begin with messages that appear harmless but are designed to exploit trust and manipulate behaviour.
At ramsac, we recently encountered such an attempt, where a scammer impersonated our Executive Chairman, Rob May, by sending messages to several staff members. The messages asked recipients to confirm receipt, a tactic designed to initiate trust before escalating to more malicious requests.
What does a smishing attempt look like?
In this instance, a ramsac employee received a message from an unfamiliar mobile number. The profile photo and name were made to resemble Rob May. The message simply read: “Hello Chris, kindly let me know if you get this message… Thanks, Rob May.” Shortly after, another message was sent but this time addressed to “Matt.”
These messages are purposefully vague and non-threatening to encourage a response. Once the target replies, the scammer typically follows up with more urgent or unusual requests, such as asking for help with a payment, requesting the purchase of gift cards, or attempting to extract sensitive company information. This is a classic case of social engineering, where trust is established quickly and used against the recipient.

Why these messages are dangerous
What makes these scams so concerning is how effectively they exploit authority and urgency. By impersonating someone high up in the organisation, the scammer creates an environment where the recipient feels compelled to respond without thinking twice. Often, attackers harvest profile images and names from platforms like LinkedIn to make their impersonation more convincing.
The danger increases when multiple people in an organisation are contacted simultaneously. The more people who receive the message, the greater the chance that someone will respond, particularly if they’re busy, under pressure, or eager to be helpful.
Recognising the warning signs
Smishing messages usually have a few tell-tale signs. Watch out for messages from numbers you don’t recognise, especially if the sender claims to be a senior team member. The language may feel slightly off, often overly polite or oddly formal, such as “kindly let me know.”
If the message is vague and invites further conversation without stating a clear reason, treat it with suspicion. The scammer’s goal is to hook you in and escalate the request once you’ve taken the bait.
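For an IT or security team triaging messages that staff report, the warning signs above and the multiple-recipient pattern described earlier can be checked together. The sketch below is an added example, not ramsac's tooling; the directory, phone numbers, field names and reports are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed directory: senior staff names and the numbers IT knows to be theirs.
SENIOR_STAFF = {"rob may": {"+447700900001"}}

# Wording the article calls out: overly polite, and a bare "did you get this?" ask.
POLITE = re.compile(r"\bkindly\b", re.I)
CONFIRM_ONLY = re.compile(r"let me know if you (get|got|received?) this", re.I)

def warning_signs(report, senior_staff=SENIOR_STAFF):
    """Return the article's warning signs present in one staff-reported message."""
    signs = []
    claimed = f'{report["display_name"]} {report["text"]}'.lower()
    for name, known_numbers in senior_staff.items():
        if name in claimed and report["sender"] not in known_numbers:
            signs.append("unrecognised number claiming to be senior staff")
            break
    if POLITE.search(report["text"]):
        signs.append("oddly formal wording")
    if CONFIRM_ONLY.search(report["text"]):
        signs.append("vague request to confirm receipt")
    return signs

def campaigns(reports, min_recipients=2):
    """Group flagged reports by sender; several recipients means alert all staff."""
    hits = defaultdict(lambda: {"recipients": set(), "signs": set()})
    for report in reports:
        signs = warning_signs(report)
        # Impersonation is the required signal; wording alone is too noisy.
        if "unrecognised number claiming to be senior staff" in signs:
            hits[report["sender"]]["recipients"].add(report["reported_by"])
            hits[report["sender"]]["signs"].update(signs)
    return {s: h for s, h in hits.items() if len(h["recipients"]) >= min_recipients}

# Constructed reports; the first two reuse the message wording quoted in the article.
REPORTS = [
    {"reported_by": "chris", "sender": "+447700900123", "display_name": "Rob May",
     "text": "Hello Chris, kindly let me know if you get this message... Thanks, Rob May."},
    {"reported_by": "matt", "sender": "+447700900123", "display_name": "Rob May",
     "text": "Hello Matt, kindly let me know if you get this message... Thanks, Rob May."},
    {"reported_by": "sam", "sender": "+447700900001", "display_name": "Rob May",
     "text": "Running late for the 2pm, start without me. Rob May"},
]

if __name__ == "__main__":
    for sender, hit in campaigns(REPORTS).items():
        print(sender, sorted(hit["recipients"]), sorted(hit["signs"]))
```

A sender that appears here has reached more than one person while posing as a senior colleague, which is the point at which an all-staff alert is worth sending.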
What to do if you receive one
If you think you may have received a smishing message, follow these simple steps to stay safe and prevent further risk:
- Do not reply to the message. Responding confirms your number is active and may lead to continued targeting.
- Use a trusted internal communication method, such as Microsoft Teams or your corporate email, to check whether the person really tried to contact you.
- Notify your IT or cybersecurity team immediately so they can investigate and alert other staff if necessary.
- Block and report the number using the in-app features available on WhatsApp or your messaging platform.

How ramsac protects your organisation
At ramsac, we provide proactive support through our secure+ service, designed to detect and defend against threats like smishing. We also offer security awareness training and phishing simulations to help staff recognise and report potential attacks.
Smishing scams are designed to manipulate your instincts, whether that’s your desire to be helpful or your deference to authority. Staying aware of the signs and knowing how to respond can make all the difference. If something feels off, it probably is.
Don’t take risks with suspicious messages. Pause, verify, and report anything unusual to your IT team. Together, we can build a more secure workplace.
Need help improving your organisation’s cybersecurity resilience? Contact ramsac today to learn more about how our cybersecurity solutions can keep your organisation protected.
