Phishing scams targeting mobile users via calls or various types of messages are on the rise

The first contact is made using one of the following methods: through calls or through fake emails, SMS and other types of messages, such as through instant messaging applications. Criminals often very convincingly imitate messages from official authorities and recognizable organizations, such as post offices, banks, etc. We therefore advise caution when receiving SMS messages, especially from unknown numbers. Never enter your personal information, especially payment card information, on links you receive in this way. If you have already entered your payment card details, contact your bank's call centre as soon as possible; if you have been scammed, report it to the police immediately.

Cases of malicious online phishing attacks through fake SMS messages (smishing) that users receive on their mobile devices, mainly through messages that they have mistaken for official SMS messages, have been a regular occurrence for some time. The frequency of such attacks increases significantly during periods when user behaviour predictably changes, for example, when they shop more (before Christmas, Black Friday), travel more (summer, holidays), expect shipments (promotions, sales, increased package deliveries after the holidays), or manage finances and other obligations (income tax and other tax deadlines, usually at the beginning of the month). That is when users actually expect similar messages, which criminals exploit with fake notifications about shipments, reservations, or payments that appear as a legitimate part of regular activities. Messages are often based on a sense of urgency or even use threat in their narrative (e.g. debt collection, fine to be paid, account or card will be blocked). In addition, attacks are adapting to current social and technological issues, targeting a wider range of users by exploiting trust in institutions. The common denominator of all these periods is that the attacks coincide with the recipients' realistic expectations, making them that much more difficult to recognize. 

How to recognize a fake message
Smishing is based on social engineering techniques, i.e. primarily on creating urgency, authority, and expectation. Typical signs that identify fake messages are:
-    unexpected communication referring to logistical (delivery), financial (payment) or access (account blocking) processes;
-    shortened or hidden URL links that lead to fake (phishing) pages;
-    requests for sensitive data (passwords, payment card numbers, one-time codes), which legitimate providers generally do not require to be submitted via SMS;
-    discrepancies in the identity of the sender (the organization name does not match the number provided, which is often from abroad, or the URL);
-    psychological pressure (phrases such as: "act immediately", "final warning") which reduces rational judgment;
-    fake security tests (so-called fake CAPTCHAs), in which the user is asked to copy and execute unknown commands in the command line (Command Prompt or PowerShell) as "proof that they are not a bot".

Phishing or regular SMS?
You can verify the authenticity of the message with more reliability by checking the link, i.e. whether there are any typos or shortened URLs in the domain, as real institutions use official addresses. Instead of clicking on a link, enter the organization's website address yourself or call it through its official contacts, not using information from the SMS. Also pay attention to technical signs such as a fake sender, suspicious elements in the link, or mass distribution of identical messages. It is a bit strange to receive information sent by Slovenian government authorities from an international number, isn't it? Also consider whether you are expecting such a message at all, as unexpected messages often pose a greater risk. Additionally, you can check warnings from organizations such as SI-CERT , which regularly publish current scam cases. 

Instead of a message, users can also receive a persuasive call (in Slovenian) or an email. The mode of action and the intent of the perpetrators are the same in this case, so the same principles of precaution apply.

What about the operator?
At Telekom Slovenije, we systematically protect users with multi-layered protection against phishing at the network, application and signalling levels. Protection includes blocking access to known fraudulent websites, filtering suspicious excessive SMS messages and emails, and verifying the identity of senders, thereby preventing abuse on behalf of banks or other organizations. We also use and regularly update lists of known threats, which allows us to quickly detect new phishing campaigns. However, because criminals are constantly changing the numbers, domains, and approaches through which they operate, these measures must be constantly updated. We can only detect certain abuses after users report them, as we do not monitor communications or interfere with their content in any way to protect their privacy. That is why it helps us identify fake messages when users submit reports, which provide us with the content of the messages. We regularly alert users about detected risks to protect them from reckless access to dangerous content. We cooperate with national and international organizations and other operators, which enables a coordinated response and reduces the spread of attacks. We always advise users to use security solutions such as Safe Internet. We recommend our business users opt for the solution M:Vrata for secure mass communication with their customers. 

Protecting Telekom Slovenije users in practice
Recently, media outlets and other organizations reported on a large-scale smishing attack with fake iMessage messages posing as SMS messages from government agencies, urging payment of traffic fines. The links led to a website that required entering a registration number and then payment card information, which the criminals immediately misused to make larger online purchases. We have to emphasize that we have not detected any abuse via traditional SMS messages in Telekom Slovenije’s network. According to information known so far, the malicious messages were sent via Apple's iMessage service, which operates as an independent OTT (Over-The-Top) communications platform, and not via the SMS infrastructure of mobile operators. With such services, mobile operators have no direct influence on the delivery or filtering of message content, as communication takes place via data transmission and the service provider's infrastructure. In such cases, based on user reports and other detected indicators, we promptly implement protective measures at the network level, primarily by blocking malicious domains and links used in the smishing campaign. Between Thursday, 14 May, 2026, and Sunday, 17 May 2026, the criminals used 41 different URLs in the smishing campaign, each on a unique domain that they had newly registered (source: SI-CERT ). As always, we advise users to be cautious when opening links in messages of all types and to consistently check the authenticity of senders and websites to which messages redirect them.

What to do if you receive a fake message:
-    Delete the message without replying.
-    Do not open the message.
-    Do not open links in such messages you receive.
-    Never enter sensitive information (any of your personal information or information about bank account numbers or payment cards). 
-    Do not install apps on your mobile phone from links offered to you in such messages, and do not install any other applications from unknown sources (e.g. offered to you by strangers over a phone call).
-    If you have already entered your payment card details, contact your bank immediately and follow the instructions you received (the bank's telephone number for such cases is usually written on the back of the bank card).
-    If harm has occurred, report the abuse to the nearest police station or by calling 113.
-    You can report abuse to the national cybersecurity response centre SI-CERT . 

You can also report abuse by calling Telekom Slovenije customer support; our agents can be reached at 041 700 700.

About Telekom Slovenije
Telekom Slovenije is a key player in the digitalization of Slovenia, providing a reliable fixed and mobile network and state-of-the-art information and communication services, and is also one of the leading providers of cyber resilience solutions in the southeast region. It is trusted by more than 220,000 broadband and TV service users and more than 1,000,000 mobile service users who value excellent user experience, reliability and security. This gives Telekom Slovenije a 29.2% market share in fixed broadband connections, 36.9% in mobile telephony and 44.2% in IP television (source: AKOS, Q4 2025). Telekom Slovenije’s cutting-edge and extensive fibre optics network reaches more than half a million households in Slovenia. The 5G mobile network is available to 99% of the population by the end of 2025. Over the past ten years, Telekom Slovenije has invested more than EUR 680 million in the development and maintenance of its fixed and mobile networks. The company provides top-tier services that align with users' needs and expectations, offering an excellent price/performance ratio. Users rate Telekom Slovenije's network as the best in Slovenia. (Source: Brand Track, Autumn 2024). Brand Track, Fall 2025). *The awards for Best Mobile Network, Fastest Mobile Network, Best Mobile Coverage, Best Mobile Gaming Experience, and Best Mobile Video Experience in Slovenia 2025 are based on the analysis of data from the Ookla® Speedtest Intelligence® service. Prices are in EUR, inclusive of VAT. For more information, visit www.telekom.si , a Telekom Slovenije sales centre, an authorized point of sale, or call 041 700 700 or write to info@telekom.si. Telekom Slovenije, d.d., Ljubljana