SMSishing & Text Message Scams

The Message: "FRAUD ALERT: Unauthorized charge of $1,247.99 detected on your account. Reply YES to approve or NO to block. Call 1-888-XXX-XXXX immediately."

How It Works:

• The text creates panic with a large unauthorized charge
• If you call the number, scammers pretend to be fraud prevention and ask for your card details, PIN, or online banking password
• If you click a link, it takes you to a fake bank website that steals your login credentials
• Some versions ask you to reply with personal information or account numbers

The Message: "USPS: Your package is on hold due to incomplete address. Update delivery info: [malicious link]" or "FedEx: Package couldn't be delivered. Reschedule here: [link]"

How It Works:

• Scammers know everyone gets packages, so this message feels relevant
• The link takes you to a fake USPS/FedEx/UPS website
• They ask for "redelivery fees" (stealing your credit card) or personal information
• Some versions install malware on your phone when you click the link

The Message: "Venmo: Someone requested $500 from you. Click here to approve or deny: [link]" or "Zelle payment failed. Verify your account to complete transfer: [link]"

How It Works:

• The link takes you to a fake Venmo/Zelle/Cash App login page
• When you enter your credentials, scammers steal them and access your real account
• They immediately drain your balance and connected bank account
• Some variants claim you received money and need to "verify" to collect it

The Message: "IRS: You have unclaimed tax refund of $2,847. Claim now before it expires: [link]" or "SSA: Your Social Security benefits are suspended. Verify your SSN immediately: [link]"

How It Works:

• Scammers offer "refunds" or threaten "suspensions" to create urgency
• Links lead to fake government websites stealing your Social Security number, bank account, or identity documents
• Some ask for payment to "process" refunds or "unsuspend" accounts
• They may also threaten arrest or legal action to pressure you

The Message: "Amazon: Suspicious activity detected on your account. Verify your identity to prevent suspension: [link]" or "Apple: Your iCloud account has been locked. Restore access: [link]"

How It Works:

• Fear of losing account access makes people click without thinking
• Fake login pages steal your username, password, and sometimes credit card stored in the account
• Scammers use your credentials to make purchases or steal stored payment methods
• They may lock you out of your real account by changing the password

The Message: "Hey mom, this is my new number. My phone broke. Can you send me $500 for emergency car repair? Venmo me at..." or "Hi, this is your grandson. I'm in jail and need bail money. Please don't tell mom."

How It Works:

• Scammers research your social media to learn family relationships and names
• They create urgency ("emergency", "in jail", "stranded") to bypass your skepticism
• They ask for payment via methods that can't be reversed (wire transfer, gift cards, crypto)
• They may claim they can't talk ("in court", "phone broken") to avoid voice verification

1. Never click links in unsolicited texts: If you get an unexpected text from a bank, delivery service, or company, don't click the link. Go directly to their website (type it yourself) or use their official app.
2. Don't reply to suspicious texts: Replying confirms your number is active, leading to more scam attempts. Just delete the message.
3. Verify independently: If a text claims to be from your bank or a company, call them using the phone number on your card, statement, or their official website - not the number in the text.
4. Check sender details: Legitimate companies use short codes (5-6 digit numbers) or consistent sender names. Random phone numbers or generic sender names are red flags.
5. Look for urgency tactics: Scammers create panic ("account suspended", "unauthorized charge", "immediate action required"). Legitimate companies don't pressure you via text.
6. Inspect links carefully: Before clicking, long-press (mobile) or hover (desktop) to preview the URL. Fake sites use similar domains like "usps-tracking.com" instead of "usps.com" or "amazonsecurity.com" instead of "amazon.com"
7. Enable spam filtering: Most carriers offer free spam text filtering. Enable it in your phone settings or contact your carrier.
8. Use two-factor authentication (2FA): Even if scammers get your password from a phishing text, 2FA adds another layer of protection. Use authenticator apps or hardware keys, not SMS codes.
9. Trust your instincts: If something feels off, it probably is. Take a moment to think before acting on any text message request.
10. Report and block: Forward spam texts to 7726 (SPAM) on most carriers. This helps them block future scam messages. Then block the sender.

If you accidentally clicked a link or entered information on a suspicious site:

1. Change passwords immediately: Update passwords for the affected account and any other accounts using the same password. Use unique passwords everywhere.
2. Enable 2FA: Add two-factor authentication to all important accounts if you haven't already.
3. Contact your bank: If you entered credit card or banking information, call your bank immediately to report potential fraud and monitor for unauthorized charges.
4. Monitor your accounts: Check bank statements, credit reports, and account activity regularly for suspicious activity.
5. Run antivirus scan: If you clicked a link on your computer or phone, run a full antivirus scan to check for malware.
6. Report it: Report the scam to the FTC at ReportFraud.ftc.gov and forward the text to 7726 (SPAM).