I was one of those who recently received an SMS message from the Central Provident Fund (CPF) Board regarding the cessation of my ElderShield policy that contained a clickable link (SMS on termination of ElderShield policies legitimate: CPF Board, April 24).

In the light of past cases of phishing using clickable links in SMS messages, I am surprised that some organisations still persist in sending them.

I know various organisations have said SMS messages have enabled access to citizens who do not own smartphones or use mobile apps, so removing clickable links for low-risk transactions could reduce people's ability to access services.

But with some banks telling their customers that they will never send SMS messages with clickable links, the public is being sent mixed messages.

This is unhelpful in the fight against online criminals because it forces the public to make individual judgment calls on whether a link is legitimate.

We cannot assume that everyone has the cyber-security skills to easily spot a fake link.

What about those who do not ask for help and simply click on any link they are sent?

Security and convenience have always been diametrically opposed.

So long as organisations continue to provide convenient clickable links in their communications, scammers will always have a reasonable chance of success in tricking someone into clicking on a fake link.

It is time for all organisations to follow what banks have done and announce that they will no longer send clickable links via SMS.

Continuing to send clickable links in SMS messages on the one hand and telling people to be on the alert for fraudulent links on the other hand creates a mixed message that contributes towards giving attackers a potential and continued avenue for exploitation.

Julian Ho