Have you received a text from a “delivery service” about a package you ordered? Or, a text that appeared to come from your “bank” about suspicious activity? If so, you may have been a victim of smishing- SMS phishing.

In 2024, the Federal Trade Commission (FTC) said consumers lost $470 million in text message scams (that’s five times the 2020 amount). The FBI’s Internet Crime Complaint Center (IC3) most recent Internet Crimes Complaint Report stated smishing continues to be one of the most reported cyber crimes.

What is Text Message Scams (Smishing)?

Smishing is a scam that involves a spoofed text message, which appears to be from a legitimate source, where the scammers often threaten or rush the target into clicking the link or sending some type of personal information, before they have a chance to process what they are doing. The FBI called attention to smishing in the 2023 report, including demonstrating levels of smishing that were all new and still increasing. In 2021, thieves were sending false missed delivery text messages and all forms of false communications. They were pushing these false things that would consume significant amounts of your data.

Smishing by the Numbers: A Rapidly Growing Threat

The FTC has stated that smishing is now the fastest-growing type of fraud against consumers and that text messaging is now the primary method for scammers to reach consumers, as opposed to calls or emails. The FBI IC3 has indicated that these text message phishing scams often lead to identity theft or malware and that just clicking a link in a suspicious text could put users in great danger.

Year	Text Scam Losses (FTC)	Total Consumer Fraud Losses	Notes
2020	$90 million	$9.8 billion	Pre-pandemic baseline
2022	$326 million	$10.2 billion	Surge in smishing
2024	$470 million	$12.5 billion	Smishing among top 3 threats

How to Detect a Fake Text Message?

Reputable businesses and government entities are never going to ask for personal information through any sort of SMS message or text message. A message from them telling you to act now or asking you for personal information is likely a scam. You should always take a second to think, What am I being asked to do? Don’t click any links, and don’t reply to their text message scams. As stated in the FTC recommendations in the report, always verify requests by calling the business or agency directly using their confirmed contact information, email, or calling. (Not the contact information in the text message.)

Unrecognized or Spoofed Number

• Legitimate companies utilize short codes or business phone numbers.  Scammers can spoof these numbers or use a random-looking number.

Sense of Urgency

• “Your bank account will be locked!” “Legal action pending!” They want you to panic and click.

Suspicious Links

• Look carefully; “wellsfargo.com” isn’t the same as “wells-fargo-secure123.biz.”

Grammatical Errors

• Misspellings, odd spacing, and bad punctuation are all indicators of fraud.

Unsolicited Requests for Personal Data

• No legitimate organization will ask for your password or Social Security number by text message.

What Are Some Common Text Message Scams to Be Aware Of?

Scammers regularly pose as a trusted service, including banks and delivery services, to create a sense of need or urgency. They will instruct you to forward the message or click links, and they can build almost identical scams from the real ones, according to the FBI. A more recent scam is QR codes, which are frequently used in text messages to get you to a spoof website and steal your data (this is a ming growing threat that many people do not know about). These are dangerous examples of text message phishing scams.

Common Smishing Tactics: 

1. Fake Package Delivery Notifications: “Your item failed delivery – click here to reschedule.” 
2. Banking Notifications: “There is suspicious activity on your account – please verify your account now.” 
3. Government Impersonation: “This is the IRS. Your refund has been suspended. Please update your information here.” 
4. Prize or Lotto Scams: “Congratulations!  We have some exciting news to share.

• You have won a $1,000 Amazon gift card! Claim it now!” 

5. Subscription Renewal Scams: “Your Netflix subscription has expired. Click here to update your details.” 

Underrated Smishing Tactics: 

• QR codes Smishers often will use QR codes in their messages so that they can point to fake websites that can be scanned. 
• Group Text Spam Group text spam attempts to avoid spam filtering by sending a text to a recipient in a group of recipients. 
• SIM Swap Scams SIM swap scams can give scammers the ability to take over your actual phone number by submitting a bogus request to your carrier.

What Happens If You Open a Text from a Scammer?

If you followed the URL link to the site, you ended up at a fake website, which was probably intended to steal the credentials that you entered or install malware on your phone. The FBI states that this can lead to financial information theft, identity theft, or the scammer gaining remote access to your device and recording your activities. Just opening up the text does not put you at risk, but acting upon it could put you at risk. 

By replying to a scam text message, you have now confirmed to the scammer that your number is active, and you will be subjected to spam and scam attempts going forward. If you engage more with these types of messages, there is a high chance that you will be trapped again later on.

Can a Scammer Hack My Phone If I Reply to a Text?

In response to a scam text, not only will you perhaps become a target for spam texts, but you may not realize that there is a major difference: malware. Some scams include links within their scam email or text that, once clicked, will download malware onto your phone immediately or direct you to a harmful website. The FBI’s Cyber Division has recognized an increase in scammers using malware to hijack devices to steal personal information or access other apps, like banking and email apps.

Some scams could be SIM swap scams. This swindler will try to take over your phone number (e.g., tricking your cell provider into sending them a SIM card) – This is not a direct result of responding to a scam text message (although it can happen if the scam begins with some of your personal information). The FBI report states that if your carrier has a PIN or password procedure set up, it could help prevent you from becoming a victim of a SIM swap situation.

What Should You Do If a Scammer Keeps Texting You?

When you block and report a scam text, you also help to ward off scammers from potentially targeting the same individuals as you. Your mobile service provider will be able to track the original source of the message and take action against it. The Federal Trade Commission encourages consumers to take action against these scams that allow legal representatives to go after fraudsters. Some phones even have an automatic spam option that will detect calls and potential scams! 

You can follow the suggestions below:

• Do not engage in suspicious texts.
• Block the number from your phone.
• Report the message to your mobile carrier by forwarding the message to 7726 (SPAM).
• Report to the FTC at reportfraud.ftc.gov.
• Utilize security apps to automatically filter spam messages.

Recommendations from the FTC and FBI

FTC:

• Always report smishing to reportfraud.ftc.gov.
• Do not respond to scam text messages.
• Use spam filters and anti-virus software.
• FBI (IC3):
• Upgrade software and firmware.
• Distinguish between unexpected hyperlinks.
• Collect and report suspicious text messages, regardless of loss.

Conclusion: 

The best way to guard against text message scams is vigilance. Scammers like to get you busy, distracted, and trusting. If you remain vigilant and utilize the correct tools, you’ll be much less vulnerable. Make it a point to always report suspicious texts to the FTC and to your carrier, and you should definitely alert others, especially those in vulnerable categories.

If you need more ideas on how to protect yourself, take a look at the official sites of the FTC or the FBI Internet Crime Complaint Center (IC3). Both sites have useful information about text message scams and how to report fraud.