Phishing is a very common social engineering tactic. Phishing is an attempt to trick someone into accidentally installing malware or to redirect someone to a spoofed website to steal information. Phishing is frequently done via spam email or text messages.
Never open attachments from unknown senders and do not follow links from them. Legitimate organizations will never ask for sensitive information via text message or email and will contact their clients through official channels.
If you are contacted by an organization and they demand you take immediate action, verify their authenticity immediately. The best way to do this is to get in touch with the organization directly using their publicly available contact information, not the information received in the message.
Don’t put your business at risk by letting someone take advantage of your trust.