It’s known as “smishing” — the colloquial term for texting people while purporting to be legitimate but only seeking money or sensitive data, or to wreak havoc with a computer device. The term marries “short message service,” or SMS, and phishing. Phishing, sort of a cousin of smishing, involves the same tactics using emails.
Day and night, these fraudulent text messages bombard our mobile phones. The cybercriminals to blame for these illicit texts pretend to be from government agencies, such as the Internal Revenue Service, megaretailers like Amazon and Costco, and even major banks.
And the perpetrators are growing ever more aggressive, according to a new alert from the Federal Communications Commission (FCC) Robocall Response Team. It warns “that text messages are increasingly being used by scammers to target American consumers.”
Across the U.S., $137 million was reported lost in 2021 from frauds originating in scam texts, according to the Federal Trade Commission (FTC), a consumer protection agency. In 6 percent of overall cases, complainants said they lost money; their median loss was $1,000.
The FCC, which regulates mobile phone providers, is also hearing more smishing complaints every year: 5,700 in 2019, 14,000 in 2020 and 15,300 in 2021. The roughly 8,500 complaints it received through June 30, 2022, suggest that the 2021 total will be surpassed this year.
Independent reports say the actual number of robotexts is astronomical: RoboKiller, a spam call/text-blocking service, estimates that consumers received more than 12 billion robotexts in June of this year alone.
Huge numbers of automated texts can be sent quickly, cheaply and to random configurations of phone numbers within the same area code, says John Buzzard, the lead fraud and security analyst for Javelin Strategy & Research. “And you don’t have to be in Dubuque, Iowa, to ping Dubuque, Iowa,” he notes. The senders “can be anywhere in the world.”
Common smishing ploys
There has been a recent uptick in “wrong number” robotexts, according to the Better Business Bureau (BBB). How it works: A text will read, for example, “Hey is this John? It’s Amanda. We chatted on Tinder before when I came to visit my cousin but we never met irl. I’m back in town if you want to meet up this time, are you free?”
When you respond that they have the wrong number, they try to engage you with a sexy photo, the BBB warns, then encourage you to register for dating or adult websites and eventually give up your credit card number.
Some crooks send texts pressuring recipients to “login” to a fake bank website to verify a purchase or unlock a credit card that was frozen, the FCC says.
They play mind games, too: They fire off tempting texts about supposed opportunities for big money. They lie by saying a consumer is owed a refund. Or they purport to be a package delivery worker who is eager to hand off your parcel and asks that you click a link to confirm when you’ll be home.
Criminals also capitalize on the fear factor, asserting in texts that you could lose money, have been accused of a crime, or will be mortified when embarrassing details about your life are exposed. The COVID-19 pandemic — and trillions of federal dollars unleashed to address the crisis — triggered an array of scam texts about coronavirus cures, surveys and special offers, the FCC says. Several of these hinged on pandemic relief dollars, one falsely offering $30,000 in funds from the “FCC Financial Care Center,” which does not even exist.
A text rife with red flags
Below is a scam text that circulated last year.
Can you spot the red flags in this scam text?
1. Slogan not pertinent — and no need for a space needed before exclamation point.
2. Did the scammer mean “phase”?
3. Missing dollar sign.
4. Presidents-elect do not control the country’s purse strings. Hyphen is missing in the title, too.
5. A head-scratcher: Does the “assistant stimulus” report to the stimulus?
6. Stimulus relief checks for individuals were not distributed to high-income taxpayers, so not everybody was eligible.
7. This is likely a malicious link. Never click on these.
Key ways to stay safe
1. Do not respond to suspicious text messages. Don’t even reply by messaging “STOP” or “NO.” Doing so signals that your phone number is active, and your number could be sold to other criminals.
If you think a text might be legit, contact the purported sender using a phone number you know to be legitimate. Keep in mind that scammers often spoof phone numbers — including in texts — by making it appear that the texter is local or from a legitimate entity so you might be more likely to respond. ·
2. Do not click on hyperlinks or attachments in suspect messages. If a friend sends you a text with a suspicious link, check with the acquaintance to determine if he or she has been hacked.
3. Take steps to filter unwanted messages or block them before they reach you. Several mobile phone providers allow you to block a sender by forwarding unwanted texts to 7726 (“SPAM”). Check with your provider about this and other blocking options available on your phone, through your wireless provider or using a call-blocking app. Here’s more from the Federal Trade Commission.
4. Never share personal or financial information by text, email or phone call. ·
Alerts about scam texts
Companies and organizations that criminals frequently use in their scams have their own warnings.
From Amazon: Text messages or calls from Amazon never ask you for personal information or your password, the company says.
“Smishing scams are becoming increasingly advanced,” Amazon adds. “Fraudsters can now insert their scam messages into a thread of legitimate messages that you might have received from us.
“Scam texts often say that there’s a problem with your account, ask you for sensitive information like passwords, or state that you’re owed a refund.”
From Costco: “Unsolicited electronic communications from Costco do not ask for your personal information such as username, password, credit card information, birth date or Social Security number. Never provide personal information in response to an electronic communication.”
From FedEx: “FedEx does not request, via unsolicited mail, email or sms messages, payment or personal information in exchange for goods in transit or in FedEx custody.” (SMS stands for short message service.)
From the Internal Revenue Service: “The IRS does not initiate contact with taxpayer by email, texts or social media channels to request personal or financial information.”
Editor's note: This article was originally published on June 25, 2021, and has since been updated with new information.
Katherine Skiba is a former scams and fraud writer and editor for AARP. Previously she was a reporter with the Chicago Tribune, U.S. News & World Report and the Milwaukee Journal Sentinel. She was a recipient of Harvard University’s Nieman Fellowship and is the author of the book Sister in the Band of Brothers: Embedded With the 101st Airborne in Iraq.
Christina Ianzito covers scams and fraud for aarp.org, and is the books editor for aarp.org and AARP The Magazine. Also a longtime travel writer and editor, she received a 2020 Lowell Thomas Award for travel writing from the Society of American Travel Writers Foundation.