Estimated reading time: 3 minutes
In this guide, you will learn:
- What is an SMS Scam?
- What are the different variations and content used for SMS scam?
- How can you tell if a message is a scam?
- Why am I getting spam text messages?
- What to do if you receive a spam text
- What to do if you’ve fallen victim to a scam message or phishing text
- How to protect yourself from spam texts
What is an SMS Scam?
SMS Scam or Smishing is a phishing by means of text messages on mobile devices.
Like phishing emails, smishing texts are social-engineering scams that aim to manipulate people into turning over sensitive data. Scammers try to entice victims to click on link inside the text. Clicking on the link can lead to identity theft and possible downloading of malicious payload.
What are the different variations and content used for SMS scam?
SMS Scams rely on persuading you that the sender is a familiar or trusted source and that urgent action is needed to secure a benefit, resolve a problem or avert a threat.
For example, you might get what looks like a text from a company you do business with, such as your bank, a mobile provider, or a tech service like Netflix or PayPal. It claims your account has expired or been locked on some pretext, maybe suspicious activity, and you need to provide personal information or click on a link to reactivate it. That gives the scammers means to steal your money or identity or to infect your device with malware.
Variations abound. A scam text might say you've won a lottery prize or a gift card, or promise a break on student loan debt. It could look like an alert from a government agency such as Social Security or the IRS or link to a phony invoice or cancellation notice for a product or service you supposedly bought.
Most common of all are messages purportedly from the likes of Amazon, FedEx or the U.S. Postal Service about an impending package or shipment snafu.
Scammers use a variety of stories to try to trick you, for example:
- You've won a prize, a gift card, or a coupon that you need to redeem.
- You’re being offered a low or no interest credit card.
- You have been overcharged and are owed a refund, possibly from a government agency such as the IRS or HMRC.
- Your account has been deactivated for your protection, and you need to take steps to reactivate it.
- You can get help to pay off your student debt.
- There is negative information in your credit report which you can remove for a fee.
- Suspicious activity has been noticed on your account, and further action on your part is required.
- There’s a problem with your payment information – you need to take action.
- There’s a notification about a delivery package – perhaps asking you to rearrange a delivery slot or else pay a delivery charge to receive it.
- You’re notified about a purchase or transaction and told to reply if it wasn’t you.
- “Get rich quick” or “Be your own boss” type messages.
How can you tell if a message is a scam?
Scammers are getting more sophisticated at making scam text messages look authentic and often use identity masking technology to change the name displayed as the caller ID. This is known as number spoofing.
That said, if you’re wondering how to tell if a message is a scam, there are a few signs to watch out for:
- Unexpected contact. Think about how an organization usually contacts you. If it isn’t via a text message, contact them directly to check if it’s legitimate. Remember, genuine organizations don’t contact you out of the blue, asking you to disclose personal or financial details via a text message.
- Spelling and grammatical errors. If a message doesn’t look professional, that’s a red flag that it’s probably a scam. Legitimate organizations rarely make glaring spelling or grammatical errors in customer communications.
- Is the message relevant to you? For example, if it informs you about a parcel delivery, did you order or were you expecting anything? If it informs you about a prize, did you enter a competition? If it’s about a gift card, is it from somewhere you have previously shopped?
The golden rule of any scam, online or otherwise, is that if something sounds too good to be true, it probably is.
Additional Warning Signs
- A text message requests personal information, such as your Social Security number or an online account password.
- The message asks you to click a link to resolve a problem, win a prize or access a service.
- The message claims to be from a government agency. Government bodies almost never initiate contact with someone by phone or text, according to the FCC.
- The text offers coronavirus-related testing, treatment or financial aid, or requests personal data for contact tracing.
Why am I getting spam text messages?
There are many ways spammers get hold of your cell phone number so they can send SMS spam and sales texts:
- They may use technology to generate numbers automatically — so even if you have a brand-new number, you can still receive both robocalls and robotexts.
- Social media sites sell your data. Popular and well-known social networking platforms keep track of your online activity and pass the information on to advertisers. If you list your phone number publicly on social media, there’s a high chance it exists in various marketing databases.
- There are many reasons people disclose their phone numbers online – filling out online forms, entering competitions or loyalty programs, and so on. Whenever you hand out your cell phone number online, there’s the potential for it to end up in the wrong hands.
- In the US, you may have called an 800, 888, or 900 number. When you call phone numbers with these prefixes, your cell phone number is collected by an Automatic Number Identification (ANI) system. As well as identifying and storing your number, the ANI system can match it with other digital data associated with you.
Plus, if you've ever responded to a spam text message, even accidentally, your phone number was likely tagged as valid and may have been sold on to other spammers, increasing your odds of getting more junk messages and SMS spam.
What to do if you receive a spam text:
-
Blocking numbers
-
Blocking numbers is easy to do, although precise instructions may vary according to your mobile device's manufacturer, model, and operating system. Remember that the scammers may try texting you from what appears to be a different number each time – by spoofing numbers – which makes the process of manually blocking more laborious.
How to block text messages on iPhone:
- Open the text from the number you wish to block and tap on the sender’s number.
- Click on the info (i).
- Under the Details screen, click on the phone number, choose Block this Caller, and Block Contact.
How to block spam texts on Android:
- On an Android, open your phone app and tap on the three-dot icon in the upper right corner and choose Settings.
- Tap on Block numbers.
- You will find several options, including unknown callers, recent calls, or from your contact list.
- Choose or manually enter a number you wish to block.
-
Filter unknown senders
-
Another way to help reduce spam messages and robotexts is by using spam filters on your mobile device.
Filtering out spam messages on iPhone:
- Go to the Settings app and tap Messages.
- Scroll down until you find the Filter Unknown Senders.
- Turn it on by swiping the button to the right. All messages from a number not in your contact list will be filtered to the Unknown Senders tab found under Filters.
Filtering out spam messages on Android:
- Go to the Messaging app and tap the three dots icon in the upper right-hand of the screen.
- Tap on Settings – Spam Protection.
- Scroll down until you find Enable Spam Protection.
- Turn it on by swiping the button to the right.
-
Never reply
-
With any spam text messages, you should never reply to them. Doing so confirms to the spammers that you’re a real person and a potential target. Sometimes spammers try to trick you into responding by saying, "text STOP to be removed from our mailing list" or something similar. Don’t be fooled by this. If you reply, you can expect more spam texts and calls. You are better off not responding at all.
-
Don’t click on any links
-
Clicking on a link from a spam text could take you to a fake website explicitly set up to steal your money or personal information. In some cases, the website could infect your phone with malware, which may spy on you and slow down your phone’s performance by taking up space on your phone’s memory.
-
Don’t disclose any personal information
-
Remember, legitimate organizations such as banks or government agencies don’t ask for personal or financial information via unsolicited text messages. So guard your personal data carefully and be careful about how you disclose it online. Be wary of any text message that asks you to ‘update’ or ‘verify’ account details.
-
Visit an organization’s website directly
-
If you are unsure whether a text message is real or not, the best thing to do is contact the relevant organization directly. You can search for their website via a search engine and then click through from the search engine results page, or else you can type in the URL directly into your address bar. Or you can find out their phone number and call them to check.
-
Report the scammer
-
In the UK, you can report spam text or robotexts to your cellular carrier by forwarding the unwanted text to 7726 (this spells SPAM). Make sure the original number is showing. This reporting method works for the primary network providers. You may receive an automated response thanking you for the report and giving you further instructions if needed. You will not be charged for sending texts to 7726.
You can also report spam texts on the messaging app you use. Look for the option to report junk or spam:
-
File a complaint
-
It is illegal to send unsolicited commercial messages to users without their consent. The precise complaints procedure will vary by jurisdiction. For example:
- In the US, you can complain to the Federal Trade Commission (FTC)
- In the UK, you can complain to the Information Commissioner’s Office
- In Australia, you can complain to the Australian Communications & Media Authority
What to do if you’ve fallen victim to a scam message or phishing text
If you think you may have passed on personal or financial information to a scammer via a spam message:
- Contact your bank or financial institution immediately to alert them.
- Change all your usernames and passwords across all your accounts.
- Report the fraud to your phone service provider – they may have had other customers with the same experience and can take action if they see their customers experiencing similar spam texts.
- Involve law enforcement where financial loss is involved.
How to protect yourself from spam texts
- Don’t disclose your cell phone number online unless it’s essential. Often, online forms ask us to disclose phone numbers but remember that the details you submit can often end up on marketing lists or databases. Unless it’s essential or mandatory, avoid giving your number out to help reduce the number of unwanted texts and calls.
- Don’t post your cell phone number publicly. For example, avoid listing your cell phone number on your social media profiles such as Facebook, Twitter, or elsewhere.
- Keep an eye on your cell phone bill. Review your phone bill regularly. If you see any charges which don’t look right, contact your network carrier to check if you’re either receiving or unknowingly sending spam messages from your phone.
- Check to see if your carrier offers call blocking. Many major carriers offer call-blocking services that allow you to block phone numbers from unknown callers for a set period.
- Place your number on a Do Not Call Registry. Different countries have different schemes, but in the US, the Federal Trade Commission operates a National Do Not Call Registry. This allows users to opt-out of receiving unwanted texts and marketing calls. However, note that actual scammers don’t abide by this registry, so they will continue to send scam texts regardless.
- Use antivirus protection for phones. So much of our personal information is stored in smartphones and tablets, so it’s advisable to use mobile security to protect it. Trend Micro Mobile Security for Android and iOS both have Fraud Buster feature that can help detect potential scam sms from an unknown sender.
I am not yet a Trend Micro user
- For PC users, install Trend Micro Maximum Security to stop malware, fraud, phishing, email hacking, and other targeted attacks on your PC and online accounts.
- For mobile users, get the same protection with ...
- Trend Micro Mobile Security for Android phones and tablets.
- Trend Micro Mobile Security for iPhones and iPads.
- Trend Micro ScamCheck to stop spam and scam texts, and look up scammers websites and scammer phone numbers.
I have Trend Micro Security installed
Enable the best Trend Micro settings to protect you from online scams. Follow these guides:
- Protect yourself from scams on Windows.
- Protect yourself from scams on Android.
- Protect yourself from scams on iOS with Web Guard and Fraud Buster.

GUARD YOURSELF AGAINST SCAMS!
Discover how to protect yourself from scams, online fraud, and dive into essential topics to protect your digital identity, and care for your devices.
Visit our 👉 Cybersecurity Learning Center! 👈