In a stark reminder of the evolving cyber threats targeting even experts, a prominent cyber law advocate from Lucknow recently received a sophisticated smishing message. Smishing—SMS phishing—has surged in India, with the Indian Cyber Crime Coordination Centre (I4C) reporting over 1.2 lakh cases in 2025 alone, causing losses exceeding ₹1,500 crore.
The advocate, shared details of the incident that unfolded on a routine afternoon. The malicious text masqueraded as an urgent bank alert: “RS 30,000 credited to a/c XXXX….Verify immediately via [shortened malicious link]” The message preyed on fears of financial loss, a common tactic in smishing attacks.
What Is Smishing?
Smishing is a cyberattack that combines “SMS” (text messaging) with “phishing.” It tricks people into sharing sensitive info like passwords or bank details through fake text messages.
How It Works
Attackers send urgent texts pretending to be from banks, delivery services, or government agencies, often with malicious links or requests for info. Victims might click a link to a fake site that steals data or downloads malware, exploiting trust in SMS over email.
Smishing Surge: Why India is a Hotbed
Experts attribute India’s smishing boom to high mobile penetration (over 1.1 billion users) and low awareness. The Uttar Pradesh Police Cyber Cell notes a 40% rise in such cases in 2026, often linked to transnational gangs using VoIP numbers. “Smishing bypasses email filters, hitting directly on phones,” says the advocate, who specializes in cyber litigation under the IT Act, 2000, and Bharatiya Nyaya Sanhita.
Common lures include fake delivery updates, lottery wins, and government schemes like PM-KISAN. Victims lose money via UPI fraud or data theft leading to identity scams.
Prevention Tips from the Frontlines
The cyber law expert urges vigilance:
- Never click SMS links; verify via official apps.
- Enable two-factor authentication and app-based banking.
- Report to cybercrime.gov.in or 1930 immediately.
- Use antivirus apps with SMS scanning.
Authorities have busted several smishing rings in Lucknow recently, but the advocate warns, “Laws like Section 66D of IT Act exist, but enforcement needs tech upgrades.” This incident underscores: In cybercrime, even advocates aren’t immune—stay alert.
About the author – Ayesha Aayat is a law student and contributor covering cybercrime, online frauds, and digital safety concerns. Her writing aims to raise awareness about evolving cyber threats and legal responses.
