The scam text, known as smishing, has quietly become one of the most common ways fraud reaches people, simply because a text is cheap to send, hard to filter perfectly, and easy to tap by reflex. The messages are short, urgent, and designed to get one thing: a single tap on a link, or a single reply. Learn the handful of scripts they use and you can spot almost any of them in a second.
The scam texts you will see most
Most smishing falls into a few families. There is the delivery text saying a package is held and needs a small fee or an address confirmation. The unpaid toll or traffic fine demanding quick payment. The bank or Amazon alert about a suspicious charge. The wrong number text that turns friendly and slowly becomes an investment pitch. And the account or prize text saying you must verify or claim something now. Different words, identical goal.
Whatever the story, the message wants you to tap a link to a fake login page, reply with information, or call a number where a live scammer picks up. The link often uses a shortened or slightly misspelled web address so it looks close enough to real at a glance.
Red flags in a scam text
- An urgent problem or threat from a company or agency you did not contact.
- A link you are told to tap right now, often shortened or slightly misspelled.
- A request for payment, card details, a login, or a verification code.
- A delivery, toll, or fine fee that must be paid by text link.
- A friendly wrong number that keeps the conversation going.
If a text you did not expect wants you to tap a link or send money, treat it as a scam and do not tap.
Why smishing keeps growing
Text scams have exploded for practical reasons. Sending millions of texts costs almost nothing, sender IDs and phone numbers are easy to spoof or rotate, and link shortening services hide where a link really goes. Filters catch a lot, but enough gets through, and a text feels more personal and urgent than an email, so people tap before they think. Understanding that these are mass, automated blasts, not messages meant personally for you, makes them much easier to ignore.
What to do when a scam text lands
The safest response is almost nothing. Do not tap the link, do not reply, and do not call the number. Replying, even to say stop, only confirms your number is active and invites more. If the message claims to be from a company you use, open that company's official app or type its web address yourself to check, exactly as you would with a suspicious email.
Report it in two taps
On any US carrier, forward the scam text to 7726, which spells SPAM on the keypad. It alerts your carrier to the sender. Then delete the message, and block the number if you like, though scammers rotate numbers quickly.
If you already tapped or paid
If you entered a password on a fake page, change it immediately and turn on two step verification for that account. If you shared card or bank details, call your bank right away to freeze the card and dispute any charges. Then report it to the FTC and FBI. For the phone-call versions of these scams, see our scammer profiles.
Back to all articles