Text message scams are on the rise, according to the Federal Communications Commission (FCC), with scam texts costing Americans over $10 billion in 2021.
In 2019, just 5,700 people notified the FCC of unwanted text messages. That number more than doubled in 2020, with 14,000 people complaining of scam text messages. 2022 is on track to outpace both years, with 8,500 complaints as of June 2022.
How do SMS attacks work?
Robotexts are the new robocalls, surpassing spam calls for the first time in 2020. It is estimated that billions of robotexts are being sent each month, ranging from rogue surveys to unclaimed packages. RoboKiller, an app that blocks spam texts and calls estimates that consumers received over 12 billion texts in June.
The FTC has seen a spike in reports from people getting text messages that look like they’re from legitimate and well-known entities such as the USPS, Costco, or The Home Depot. Numerous retailers have alerts on their websites to inform consumers about fraudulent surveys, including CVS Pharmacy, Walmart, Target and Best Buy. Most recently, pharmacy chains CVS and Walgreens have been the subject of fake survey scams that request personal information: full name, address, Social Security number, credit card number, and more.
Scammers take advantage of people by monopolizing current trends and events, too. For example, the pandemic fueled a spate of fake COVID-19 vaccine surveys. According to RoboKiller, the top 5 text scams of 2021 were related to:
- Package/Mail Delivery (impersonating Amazon, FedEx and USPS): 23,076,811,343 (26.3%)
- Covid-19: 5,696,455,112 (6.5%)
- Bank: 3,071,087,772 (3.5%)
- Apple + Hardware Sweepstakes: 2,601,735,612 (3%)
- Healthcare: 1,060,272,839 (1.2%)
Scammers use various lures to trick someone into giving up their confidential information.
- Phishing text messages (also known as “smishing” can be spoofed to make it look like they are coming from a company or organization that is recognized and trusted.
- The false-yet believable smishing baits, as reported by consumers to the FCC, include claims regarding unpaid bills, package delivery issues, law enforcement actions, or bank account problems.
- Some of the convincing lures in text phishing attacks are links redirecting the targets to landing pages, mimicking bank websites and asking to verify a purchase or unfreeze credit cards.
Individuals aren’t the only victims of these types of scams. Organizations and companies are also victims of text phishing attacks.
- 74% of organizations faced smishing attacks in 2021, versus 61% in 2020.
- 10% of organizations in the U.S. received over 100 text phishing attacks in 2021.
What does the FCC advise?
- Don’t click on links or respond to unexpected texts — including ones asking you to fill out surveys to get free items. If you think it could be legit, contact the company using a website or phone number you know is real. Don’t use the information in the text message.
- Don’t pay to get a package redelivered. The real USPS won’t contact you out of the blue about a delivery (unless you submitted a request first and give a tracking number) — and they’ll never demand payment to redeliver a package.
While the Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act requires all phone companies to install robocall detection technology, including filters and messages warning consumers of likely spam, it does not currently rovide the same protection against robotexts.
