Cybercriminals have become increasingly sophisticated in their attempts to defraud individuals, and one of the most prevalent methods is through SMS phishing, often referred to as "smishing." This deceptive practice involves sending text messages that mimic legitimate communications from well-known companies, such as delivery services, with the goal of tricking recipients into divulging personal or financial information. The rise of online shopping has fueled the growth of smishing, making it a significant threat to consumers.
A common smishing scenario involves a text message purportedly from a delivery company like Mondial Relay or Relais Colis, informing the recipient that their package could not be delivered because it wouldn’t fit in the mailbox. The message typically includes a link that directs the recipient to a fake website where they are prompted to enter their personal information, including credit card details, to reschedule the delivery or choose a new delivery point. Unsuspecting individuals who fall for this scam risk having their financial accounts compromised and their identities stolen.
The prevalence of smishing has increased dramatically in recent years. According to Major Leroch of the National Gendarmerie’s cybercrime unit, there has been an estimated 200% increase in smishing SMS messages between 2020 and 2025. Authorities detect approximately 400,000 fraudulent SMS messages daily in France, with spikes occurring during peak shopping periods like Black Friday, Christmas, and French Days.
Recognizing and avoiding smishing scams requires vigilance and awareness. The first step is to be cautious when receiving unsolicited SMS messages, especially those claiming to be from delivery companies. Major Leroch notes that while all delivery services are potential targets, Mondial Relay and Relais Colis have been particularly impersonated in recent months.
One telltale sign of a smishing attempt is the phone number from which the message is sent. Jerôme Notin, director of the cybermalveillance.gouv.fr platform, explains that if the SMS originates from a number starting with 06 or 07, there is a 99.9% chance that it is a scam. Legitimate businesses typically use five-digit numbers for sending SMS messages or opt for direct phone calls. However, even if the sender ID displays the name of a legitimate company, it’s essential to exercise caution, as this can be spoofed.
Adding to the complexity of the situation, smishing messages are often personalized with the recipient’s name, address, and even their IBAN (International Bank Account Number). This level of personalization is a result of numerous data breaches that have occurred in recent years, highlighting the importance of protecting personal information online.
If you receive a suspicious SMS message, resist the urge to click on the link provided. Instead, independently verify the information by visiting the official website of the merchant or delivery company and logging into your account. This will allow you to check the status of your order and any delivery updates without risking exposure to a fraudulent website.
If you do click on the link in a smishing SMS message, be aware that you will likely be redirected to a fake website that closely resembles the official website of the delivery company. These counterfeit sites are designed to deceive victims into entering their personal and financial information. One user who fell victim to a smishing scam reported on the signal arnaques website that the link led to a fake Mondial Relay page that was nearly indistinguishable from the real one. The user also attempted to call the "delivery driver" but received no response.
Jerôme Notin emphasizes that these fraudulent websites are often near-perfect copies of the official sites, making it difficult for unsuspecting users to identify the scam. He also points out that smishing is often part of organized crime, with criminals developing and selling "kits" that enable individuals with limited technical skills to generate SMS messages and create fake websites. This "democratization of cybercrime" makes it easier for criminals to perpetrate these scams.
If you have clicked on a link in a smishing SMS message, pay close attention to the website’s address in the browser. Major Leroch advises that it’s always best to access websites directly by typing the address into the browser, rather than clicking on links in SMS messages or emails. The general rule of thumb is to never provide sensitive information through unsolicited links.
If you suspect that you have provided personal or financial information on a fake website, immediately contact your bank to cancel your credit card. You should also file a police report to document the incident and help authorities investigate the crime.
Several resources are available to help individuals protect themselves from cybercrime. The 17cyber.gouv.fr website provides information on identifying and reporting cyber threats and can connect victims with technical assistance or law enforcement if needed. Additionally, you can report spam SMS messages to the 33700 website.
The Ministry of the Interior has developed a "Ma sécurité" app that provides users with notifications about cyber threats and other security alerts. For those who prefer to speak with someone directly, the info escroquerie hotline at 0 805 805 817 offers guidance and support.
Reporting smishing attempts and other cybercrimes is essential for helping law enforcement identify perpetrators and gain a better understanding of the scope of the problem, as Jérôme Notin emphasizes. By staying informed, being vigilant, and reporting suspicious activity, individuals can protect themselves from falling victim to smishing scams and contribute to the fight against cybercrime.
