En español | Day and night, fraudulent texts messages bombard our mobile phones. The cybercriminals to blame for these illicit texts pretend to be from government agencies, such as the Internal Revenue Service, megaretailers like Amazon and Costco, and even major banks.
Don't let these crooks steal your money or data — or worse, infect your smartphone with malicious software. Let's start with the key ways to stay safe:
1. Do not respond to suspicious text messages. Don't even reply by messaging “STOP” or “NO."
2. Do not click on hyperlinks or attachments in suspect messages.
3. Take steps to filter unwanted messages or block them before they reach you.
Losses hit $86 million last year
Across the U.S., $86 million was reported lost in 2020 from frauds originating in scam texts, according to the Federal Trade Commission (FTC), a consumer protection agency. Last year the 334,524 such complaints equaled an average of 916 reports a day.
In 5 percent of overall cases, complainants said they lost money; their median loss was $800.
Meantime the Federal Communications Commission (FCC), which regulates mobile phone providers, heard about 14,000 complaints about scam texts last year. The roughly 6,900 reports so far in 2021 (through late May) suggest the 2020 total will be surpassed this year.
Cybercrooks aren't stupid
Savvy consumers delete suspicious texts faster than you can say “poppycock.” Yet cybercrooks go to great lengths to fool us. They masquerade as well-known entities, such as Federal Express, another firm whose name has been hijacked. Sometimes criminals even personalize texts, addressing you by name to evoke an air of authenticity.
The crooks play mind games, too: They fire off tempting texts about supposed opportunities for big money. They lie by saying a consumer is owed a refund. Or they purport to be a package delivery worker who is eager to hand off your parcel and asks that you click a link to confirm when you'll be home.
The fear factor
Criminals also capitalize on the fear factor, asserting in texts that you could lose money, have been accused of a crime, or will be mortified when embarrassing details about your life are exposed. The COVID-19 pandemic — and trillions of federal dollars unleashed to address the crisis — triggered an array of scam texts about coronavirus cures, surveys and special offers, the FCC says. Several of these hinged on pandemic relief dollars, one falsely offering $30,000 in funds from the “FCC Financial Care Center,” which does not even exist.
A text rife with red flags
Below is a scam text still circulating.
Can you spot the red flags in this scam text?
1. Slogan not pertinent — and no need for a space needed before exclamation point.
2. Did the scammer mean “phase?”
3. Missing dollar sign.
4. Presidents-elect do not control the country’s purse strings. Hyphen is missing in the title, too.
5. A head-scratcher: Does the “assistant stimulus” report to the stimulus?
6. Stimulus relief checks for individuals were not distributed to high-income taxpayers, so everybody was not eligible.
7. This is likely a malicious link. Never click on these.
Amid the cacophony, there are humdrum scam texts, too. One hit cellphones last week warning that a Chevrolet Tahoe's warranty will be expiring in 2022 — never mind that the recipient does have a Chevy.
Cybercrooks text from overseas
These aggravations come thanks to the dark side of technology, which allows huge numbers of automated texts to be sent quickly, cheaply and to random configurations of phone numbers within the same area code, says John Buzzard, the lead fraud and security analyst for Javelin Strategy & Research. “And you don't have to be in Dubuque, Iowa, to ping Dubuque, Iowa,” he notes. The senders “can be anywhere in the world."
He suspects a text about the $2,400 stimulus relief originated overseas because of the multiple gaffes. The crooks “get really good at it, but then eventually make some grammatical fumble,” he says. But only consumers truly paying attention will spot such red flags.
Next consider the nature of smartphones and how we use them.
Since limited screen space can make texts harder to read, consumers who may be on their phones for many hours a day — and perhaps distracted — can miss the minefields.
Many consumers have gotten street smart, though, as the FTC's reports show only 5 percent of the people who reported scam texts said they actually lost money.
"Smishing” is the colloquial term for texting people while purporting to be legitimate but only seeking money or sensitive data, or intending to wreak havoc with a computer device. The term marries “short message service,” or SMS, and phishing. Phishing, sort of a cousin of smishing, involves the same tactics using emails.
So here's the bottom line: If you have a smartphone, be a smart consumer.
More tips for consumers
Consumer advocates offer guidance on protecting against scam texts. Read their advice — and consider sharing it with loved ones.
- Several mobile phone providers allow you to block a sender by forwarding unwanted texts to 7726 ("SPAM"). Check with your provider about this and other blocking options available on your phone, through your wireless provider or using a call-blocking app. Here's more from the Federal Trade Commission.
- Do not respond to texts from unknown numbers or others that appear suspicious. Replying “STOP” or “NO” signals that your phone number is active, and your number could be sold to other criminal.
- Keep in mind that scammers often spoof phone numbers — including in texts — by making it appear the texter is local or from a legitimate entity to trick you into responding.
- Be extra cautious if pressured to immediately divulge information or make a payment.
- Never share personal or financial information via a text, email or phone call.
- If you're not sure a text is legit, contact the purported sender using a phone number you know to be legitimate.
- Do not click on links or attachments in untrustworthy texts. If a friend sends you a text with a suspicious link, check with the acquaintance to determine if he or she has been hacked.
Here are alerts about scam texts
From Amazon: Text messages or calls from Amazon never ask you for personal information or your password, the company says. Read more.
"Smishing scams are becoming increasingly advanced,” Amazon adds. “Fraudsters can now insert their scam messages into a thread of legitimate messages that you might have received from us.
"Scam texts often say that there's a problem with your account, ask you for sensitive information like passwords, or state that you're owed a refund."
From Costco: “Unsolicited electronic communications from Costco do not ask for your personal information such as username, password, credit card information, birth date or Social Security number. Never provide personal information in response to an electronic communication."
From Federal Express: “FedEx does not request, via unsolicited mail, email or sms messages, payment or personal information in exchange for goods in transit or in FedEx custody.” (SMS stands for short message service.) Read more.
From the Internal Revenue Service: “The IRS does not initiate contact with taxpayer by email, texts or social media channels to request personal or financial information.” Read more.
Katherine Skiba covers scams and fraud for AARP. Previously she was a reporter with the Chicago Tribune, U.S. News & World Report, and the Milwaukee Journal Sentinel. She was a recipient of Harvard University's Nieman Fellowship and is the author of the book, Sister in the Band of Brothers: Embedded with the 101st Airborne in Iraq.