Similar to scam emails that are known as "phishing,” scam text messages are called “smishing.” The term is derived from combining the text messaging protocol Short Messaging Service (SMS) with the phishing term. The end goal of both scams is the same: trick victims into giving up money or sensitive information that can be used for identity theft and fraud. A typical smishing scam message may seem like it's from a bank – maybe your bank – and include a link or phone number to bait you into clicking or calling. If you do, you stand a good chance of being hooked. And that's when the scammers get to work, manipulating your personal information, which they can sell and/or use in other scams. Scammers may also try to entice you into downloading malware to your device.


While many users are aware of the dangers of responding to suspicious emails, they often let their guards down with text messages. As a result, 21% of all fraud cases reported to the FTC/FCC in 2021 started with a text message. The average monetary loss to victims of such scams was $900.


Here are some red flags you should look out for whenever you receive a strange text or message on a messaging app:


  • The text message is unsolicited (scammers will always contact you out of the blue).
  • The text sender has a long phone number (10 or 11 digits).
  • The phone number is “spoofed” (i.e., it looks like it’s coming from someone you know or trust).
  • The text includes a link that is most likely shortened or scrambled.
  • It is written with a sense of urgency (such as claiming you owe money to the IRS or that you’ve been charged a subscription payment you never signed up for).
  • The text contains strange grammar or spelling mistakes.
  • It promises a reward or prize if you respond or click a link.
  • The text claims to be from a company you use but weren’t expecting to hear from. 
  • It claims to be from a colleague, family member, or friend but doesn’t sound like them.
  • The sender asks you to call them back.
  • The text contains requests for refunds for supposed overcharged services.


Always be cautious if you receive a message showing one or more of these warning signs. And while you might be curious to know who is sending you these messages, resist the urge to engage with them to find out. Things you can do to avoid being a victim of a smishing attempt include:


  • Never click links, reply to text messages or call numbers you don't recognize.
  • Do not respond, even if the message requests that you "text STOP" to end messages.
  • Delete all suspicious texts.
  • Make sure your smart device OS and security apps are updated to the latest version.


Validate any suspicious texts. If you get a text purportedly from a company or government agency, check your bill for contact information or search the company or agency's official website. Call or email them separately to confirm whether you received a legitimate text. A simple web search can thwart a scammer.


Bottom line: Stop before you engage and avoid the urge to respond. According to the FBI, Americans lost more than $1.4 billion to cybercrime in 2017, and a significant portion of that is attributed to personal data breaches, identity theft, confidence fraud and credit card fraud totaling hundreds of millions of dollars.


*Edited and reprinted from aura.com and fcc.gov