Smartphones have become integral to our society, but they’ve also exposed vulnerabilities in our security — and scammers are taking full advantage. With spam calls still dominating the airwaves like Free Bird on classic rock radio, text scams have suddenly cranked it up to 11.
Text scams are messages from fraudsters that aim to obtain personal information or download malware onto your device; the end goal is to use this information or malware to steal money, assets, or even your identity.
Criminals often do this through a tactic called smishing (from SMS and phishing), or tricking recipients into following links that lead them to fake websites or trigger a malware download. Once the target clicks the link and types in their personal details or downloads a virus, the fraudster gets the control they need to pull off the scam.
Our research shows Americans were hit with more than 225 billion robotexts in 2022, which was a 157% increase over 2021. This led to a massive $20 billion in estimated losses to text scams. Since this problem likely won’t be going away soon, it’s imperative that everyone understands how to stay safe.
Keep reading to learn how text message scams and smishing work, what to look out for, and how to protect yourself and your family.
To protect yourself from text scams, it helps to put yourself inside the mind of a scammer. Understanding how these criminals think and operate will help prepare you to shut them down rather than fall victim to their schemes.
Cybercriminals make a living off of social engineering, or psychologically manipulating their targets into falling for their ploys. They use specific techniques to influence people’s decisions and get the information they need to steal money, assets, or identities.
Let’s take a look at some of the techniques used by text scammers and smishers in particular.
Caller ID spoofing has become a significant roadblock in the fight against spam. This is when criminals disguise their phone numbers so they come up as local or trusted numbers on your caller ID, making you more likely to respond. Scammers also spoof websites, or create identical versions of trusted websites where they instruct you to enter your login credentials or other personal information.
Whereas smishing is specifically a text-based attack, phishing scams are the overarching strategy of luring a target into clicking a link. Some links direct you to a form where you enter personal information, while others download malware onto your mobile device and allow the scammer to take control.
Some scammers disguise themselves rather than their numbers or links. They try to create a false sense of trust by pretending to be someone who works with you, like tech support, your security team, or the HR department. In cases like these, you might need to give the person certain details in order for them to do their job — so always verify exactly who you’re communicating with before giving out any information.
In order for a scam to work, the scammer has to get the target’s attention. By baiting people with promises of prizes, rebates, and other tempting offers, they lure their targets into their trap.
The purpose of social engineering is to manipulate people’s emotions, and scammers do so with a combination of tactics. They may use the above techniques to create a sense of curiosity or reward that encourages immediate action, or they may attempt to intimidate their targets with threats of punishments for delaying.
Scammers make a living off of deceiving people. By creating false narratives and applying pressure, they convince people that the best course of action is to follow directions and provide the bad actor with the information they’re asking for. Whether their approach is friendly or hostile, the end goal is the same: your information in their possession.
Text scams tend to take similar forms, and when you get to know them, they can be easy to spot. Here’s a look at some of the most popular smishing and text scams over the past few years.
When a scammer gets their hands on your iCloud credentials, they can access all of your registered devices. The iCloud scam is a popular text scam that claims your Apple Pay wallet is suspended, your account has been compromised, or you have to enter your login information to reactivate your account.
If any of these issues actually came up, however, Apple would not contact you by text message. Simply ignore the text, block the number, and report the scam attempt.
Some scams, like lottery, prize, and giveaway scams, prey on excitement. They claim that you’ve won a desirable prize like a cash payout, a vacation, or the latest video game system.
The catch is you have to submit information like your address (to allegedly receive the prize) or even your banking information (so they can wire you your “winnings”). They may even ask you to pay an upfront fee to receive your prize.
These types of scams are easy to spot; if you didn’t enter a contest, you definitely didn’t win it.
You’ve probably gotten a legitimate “wrong number” text in the past, and scammers are now attempting to capitalize on that crossing of wires. They typically start with something as simple and innocuous as “hey how are you” or act like they’re texting a specific person about a date. When you politely inform them that they have the wrong number, they may apologize and strike up a conversation.
Some especially patient scammers will go through dozens or even hundreds of exchanges to build up trust before making a move, but the end result is always the same: The scammer pitches the scam.
Online shopping was already popular before the COVID-19 pandemic, but it became a necessity during quarantine. Unfortunately, this blew the doors open for package-related fraud.
These scams come in a few different forms and may suggest that you:
Of course, you would have to click the link in a suspicious text message in order to remedy these fake issues. You know the drill: ignore, block, report.
There are few easier ways to get someone’s attention than informing them of a problem with their finances. Since this immediately creates a sense of urgency, it’s a logical go-to for scammers.
Bank and credit card text scams may claim that your account is being closed, potential fraud activity has been detected, or your card is being locked. To get more information and take action, you’re instructed to enter your login credentials and/or PIN. These types of scams are especially dangerous because they can give criminals direct access to your financial accounts.
Instead of coming to you with a fake problem, some scammers take a different route: fake offers. They may offer you a low- or no-interest credit card, an exclusive rewards card through your bank, or another opportunity that could improve your financial standing.
Regardless of which angle the fraudsters used, always contact your bank, credit card company, or financial institution at a legitimate number to check and report the scam.
The quicker you can spot a text scam, the quicker you can shut it down. Fortunately, fraudsters tend to use the same tactics, which means the same red flags pop up. Knowing how to catch and report them will help keep you and others safe.
Following directions laid out by a stranger in a text message is already an unusual request — and it’s one you should never accept. Legitimate entities will generally attempt to contact you by phone call, email, or traditional mail; sending a link in an unsolicited text message is not normal.
Scammers might also ask for information like your:
Additionally, scammers that directly solicit money might ask you to send preloaded gift cards or other strange forms of payment. It goes without saying, but a government agency will never ask for payment via Walmart gift cards.
Don’t oblige these unusual requests, and never give out personal or financial information to a stranger over text message.
Links in smishing texts — and the sites they send you to — are inherently dangerous and may strike you as suspicious even before you follow them. Watch out for links with oddly placed hyphens, and beware of URLs that use strange or non-native characters (like å or í) to try to replicate legitimate websites.
Time is of the essence for scammers; the less time you have to think about what you’re doing, the better chance you’ll fall for the scam. Take note of texts that create a sense of pressure or urgency, and, despite their instructions, don’t act fast.
Scammers apply this kind of pressure in a number of ways. Depending on the angle of the scam, they might:
If you pick up on any of these red flags, do not obey the instructions you’re given. Instead, contact the person, company, or organization directly at a verified number to identify and report the scam.
While the Federal Trade Commission (FTC) and Federal Communications Commission (FCC) have been cracking down on spam calls, we’re further behind in the fight against the SMS form of the same threat. Fortunately, there are steps you can take to keep yourself safe:
A text scam is a digital message, often via SMS text, that attempts to extract personal information from the target or download malware onto their phone. The scammer then uses that information to access bank accounts, use credit cards, or commit identity theft.
Many scammers follow the same blueprints, which makes it easier to spot — if you know what to look for. Delivery scams were far and away the most common type in 2022, with bank and COVID-19 scams ranking second and third.
Some scammers are craftier than others, but the same red flags pop up in all types of scams. If you’re contacted by an unknown number (even if it appears to be local), you receive a message that instructs you to follow a link, or you feel intimidated or threatened, do not respond to the message. If the message appears to have come from a real business or organization, you can contact them at a listed number to confirm that it was a scam.
Although there are ways you can protect yourself from scam texts and smishing attacks, there’s no better way to shut them down for good than by downloading a spam blocker like Robokiller. Thanks to our predictive technology and years of being on the frontlines in the war against spam, our comprehensive defense is 99% effective in stopping spam calls and texts from ever reaching your phone.
Try Robokiller for free for 7 days and experience the benefits for yourself.