Skip to main content
Digital security Terms of use About us HR
Search
Traži

“Mom, my phone’s not working” is no longer a message. It is a business model used by fraudsters.

APWG data released at the end of 2025 shows that the rate of smishing attacks is recording a continuous growth of 30% to 40% globally quarter on quarter

A lady pensioner received an SMS message in the middle of the night. The message reads: “Mom, my phone’s not working, contact me at this number.” When her urge to respond rapidly outweighed her caution, she did what most people do – call the number.

The voice on the other side of the line was not familiar. This, however, was not crucial at the time. The message was clear, the situation was urgent, and the context was plausible – her son needed help. After a few minutes of conversation, she paid a few hundred euros to a bank account in Spain. The call ended with a thank-you. It was not until later, when she actually called her son, that she realized it was fraud.

She reported the case to the police. The explanation was simple - smishing (SMS phishing), a form of financial fraud where fraudsters use SMS or WhatsApp messages to impersonate someone’s son, daughter or another relative, claiming that their mobile phone has been lost or stolen. They contact the victim from a new number and ask them to make a payment to the IBAN specified in the message. They do this to steal money or sensitive information. In most such cases, including the one described above, the money is never returned.

Police reports clearly show that the lady from Rovinj was not the only target of such fraud. Individuals across Croatia have received identical or very similar messages over the past few months. An older gentleman paid just under two thousand euros to a foreign account, believing he was helping a family member who actually was staying abroad at the time as part of a student exchange program.

Attackers use AI

This is no exception. It is a pattern. Each such case is centered around the same dynamic: a combination of emotional manipulation and a sense of urgency. When you respond rapidly, without making any checks, there is no more room for a rational assessment.

If you receive a message from a person claiming to be your family member, start by calling their original number and verifying this information. Avoid any text correspondence if you have any doubt. Finally, it is essential that you refrain from paying any money to any unverified account and from following any instructions you may receive from an unknown person contacting you via an unknown phone number.

Frauds are becoming increasingly convincing

Attackers now use generative AI to create grammatically flawless, personalized messages in any language. These messages are no longer suspicious at first glance. On the contrary – they appear convincing, rapid and “correct”. At the same time, the SMS channel remains beyond the reach of most security filters currently in use, such as those used in e-mail communication. Considering, in addition to all this, the availability of large phone number databases in the black market, this system allows mass targeting at minimal cost.

The exact number of people who pay money directly to fraudsters’ bank accounts every year is not available, but the number of fraud attempts is known to be increasing on an ongoing basis. According to the information published by the Anti-Phishing Working Group (APWG) in late 2025, the global smishing rates had grown constantly by 30 to 40 percent on a quarter-to-quarter basis. According to the information provided by CERT, phishing attacks accounted for one third of all cyber incidents recorded last year in Croatia, with most smishing attacks occurring in May.

An additional risk – unintentional involvement in money laundering

The risk does not disappear after the payment. After defrauding a person of their money, fraudsters have increasingly recontacted their victims, offering repayment. Sometimes, they even offer additional profits. The victim is then asked to receive money in their account and immediately forward it, explaining this as a refund, commission or provisional transaction. In such a situation, the victim becomes a “money mule”, unintentionally involved in money laundering. The implications are very serious: bank account freeze, termination of all business arrangements with the bank, and criminal prosecution.

One should always bear in mind that no legitimate person would ever repay money by asking that you first receive it and then forward it. If you suspect this to be the case, stop all communication immediately, refrain from forwarding any money, and notify your bank and the police.

Different types of financial fraud and methods to protect against them are detailed at ZABAci oko na prijevare.

Protect yourself and your family on time

Download educational brochure

Consent

Custom cookie settings

Below you can enable or disable the use of individual categories of online cookies, and you can subsequently change your choice at any time. If you are not sure, you can find detailed information about the cookies we use on zaba.hr pages in our cookie policy.

Technical cookies

They enable the proper and safe operation of websites.

Always active

Performance cookies

They enable improvements in the use of websites.

Marketing cookies

They enable tracking of website visitors and collect data used to personalize ads and user experience.

Analytical cookies

They record statistical data that enable the improvement of our pages and our offer.