Smishing Lure Types
The specific pretexts used in SMS-based phishing attacks — including fake parcel notifications, bank fraud alerts, toll notices, and government messages.
Also known as: SMS lure, text scam pretext
Last reviewed: 10 June 2026
While 'smishing' refers broadly to phishing via SMS, the term 'smishing lure' describes the specific scenarios attackers use to generate urgency. Common lures include fake package-delivery notifications (asking for re-delivery fee or customs payment), bank fraud alerts with a link to 'verify' the account, unpaid road-toll notices, HMRC or IRS tax-refund messages, and fake competition wins.
Each lure is designed to trigger a different emotional response: parcel notices exploit expectation, bank alerts exploit fear of financial loss, and toll notices exploit authority and fear of legal consequences. Mobile users are often less careful when tapping links on small screens.
Organisations such as delivery companies and banks will never ask customers to provide payment details through a link sent via an unsolicited text message. Access services directly via official apps or by typing the URL manually.
Examples
- A text claiming to be from a national postal service says 'Your parcel is held at customs — pay a small release fee' with a link to a phishing page.
- An 'HMRC' text claims a tax rebate is waiting and asks the user to confirm bank details via a link.