The main goal of this attack is to steal information from the victims. This attack is more sophisticated than other information-stealing attacks. This multi-step attack allows the attackers to get personal and banking details about the victim, which could lead to fraud. Clicking on links that are sent through text messages should be avoided at all times—not only could the web page be a fraud, but some content could deliver an exploit that can take over control of Android or iPhone devices. If someone wants to visit the link that was sent to them, they should open a browser and search for the address themselves. Using 2-Factor Authentication is a great first step in preventing unauthorized people from accessing accounts. It is good practice not to set up 2-Factor Authentication with SMS because it is easier for attackers to intercept those messages or temporarily take over a phone number with a SIM-swapping attack by fooling the cellular service provider into thinking the attacker is their customer. 2-Factor Authentication should always be set up using a trusted third-party application that randomly generates a code. Binary Defense’s Counterintelligence team monitors on the behalf of companies for any domains that have become registered that are being used to trick people into thinking that are the legitimate company website. A service like this can help companies identify these typo-squatted domains and get them taken down before they can cause harm.

More can be read here: https://www.bleepingcomputer.com/news/security/hmrc-smishing-tax-scam-targets-uk-banking-customers/