Some links in this post are affiliate links. If you buy through them, FutureCybers may earn a small commission at no extra cost to you. See our affiliate disclosure for details.
Quick answer: Scam texts (called smishing) are surging, with the average American getting around 14 a day. Don’t tap links in unexpected texts, never enter logins or card details from a text, verify the company by going to its app or site yourself, and lock your accounts with phish-resistant two-factor authentication.
My phone buzzed three times before lunch yesterday. A “missed delivery.” A “toll you forgot to pay.” A “fraud alert” from a bank I don’t even use. All fake. If your inbox looks like mine, you’re not imagining it. Text scams have gotten relentless, and they’re getting smarter.
According to McAfee’s 2026 State of the Scamiverse report, the average American now receives about 14 scam messages a day. Text-message phishing has quietly become the number one way crooks try to reach us. Google also put out a fraud and scams advisory this month flagging the same trend. So let’s talk about what’s actually going on and, more importantly, how you shut it down.
What are scam texts (smishing) and why are they everywhere?
Smishing is just phishing that arrives by text instead of email. The word smushes together “SMS” and “phishing.” The goal is always the same: get you to tap a link, hand over a password or card number, or approve something you shouldn’t.
Texts work scary well for the bad guys because we treat them as personal and urgent. An email can sit unread for a week. A text feels like a friend tapping your shoulder. Scammers know this, so they lean on it hard. Industry reporting now puts text-message phishing at roughly 30 percent of all observed scams, which makes it the single most common channel out there.
There’s also an uncomfortable new wrinkle. Attackers are using AI to write these messages, so the old advice about spotting typos and clunky grammar doesn’t hold up anymore. The fakes read clean now. Some even reference real companies, real tracking numbers, and your actual first name.
The scam texts showing up most right now
A few patterns are doing the rounds heavily this season, so these are worth committing to memory.
The fake delivery text is the classic. “Your package couldn’t be delivered, update your address here.” There’s a link, the link looks close to a real carrier, and the page asks for a small “redelivery fee” plus your card. That fee is the bait. The card theft is the point.
Then there’s the toll scam, where you supposedly owe a few dollars to a highway authority. Tiny amount, big urgency, fake payment page. The bank fraud alert is another favorite: “Did you authorize a $750 charge? Reply NO.” Reply, and a “fraud agent” calls to walk you through “securing” your account, which really means draining it.
The newest one I’ve seen flagged is a fake Amazon product recall text. It claims something you bought is being recalled and links you to a page to “confirm your details” for a refund. It’s built to grab your Amazon login and payment info. Amazon doesn’t handle recalls by random text, so treat any version of this as a scam.
How to spot a scam text before it gets you
You don’t need to be technical. You need a couple of reflexes.
First, urgency plus a link is the tell. Almost every scam text tries to rush you. Real companies rarely need you to act in the next ten minutes through a link in a text. Second, look at who’s actually asking. A real bank won’t text you a login page. A real carrier won’t ask for card details over SMS. Third, check the sender. Legit business texts usually come from short codes or verified business numbers, not a random 10-digit cell number or an email-looking address.
One habit that’s saved me more than once: I never tap the link in the text. If “my bank” texts about a problem, I open the bank’s app directly or type the address myself. If there’s a real issue, it’ll be waiting for me there. If there’s nothing, the text was junk.
6 smart ways to stop scam texts
Here’s the part that actually moves the needle. The first three take five minutes total.
1. Don’t tap, don’t reply, just report. Replying (even “STOP”) tells a scammer your number is live. Instead, forward the message to 7726, which spells SPAM, to report it to your carrier. You can also report scam texts to the FTC at reportfraud.ftc.gov. Then delete it. On most phones you can also long-press and choose “Report Junk.”
2. Verify the company yourself, never through the text. Go to the official app or type the web address by hand. This one move defeats nearly every smishing attempt, because the whole scam depends on you using their link.
3. Turn on two-factor authentication, and make it phish-resistant. Even if a scam text tricks you into giving up a password, strong two-factor stops the login. App codes are good. A physical key is better, because it can’t be phished or relayed. I keep a FIDO2 hardware security key on my keychain and use it on email and banking first. Those are the accounts a scammer wants most.
4. Use your carrier’s free spam filtering. The major US carriers all offer free scam-blocking tools and apps. Turn them on. They won’t catch everything, but they’ll thin out the flood.
5. Lock down your most sensitive logins. Use unique passwords and a password manager so one stolen credential can’t unlock your whole life. If you carry tap-to-pay cards, an RFID-blocking wallet is a cheap extra layer for the physical side of things.
6. Slow down and verify with the actual person or company. If a text claims to be a relative in trouble or your boss asking for gift cards, call them on a number you already have. Scammers count on you reacting fast. Taking 60 seconds breaks the spell.
What to do if you already tapped the link
It happens, and panicking doesn’t help. If you entered a password, change it right now on the real site, and change it anywhere you reused it. If you typed in card details, call your bank, freeze or replace the card, and watch your statements. If you think your identity is exposed, consider a credit freeze with the three bureaus, which is free and reversible. Acting in the first hour matters more than beating yourself up about the tap.
Want to get sharper about this stuff without the jargon? Our starting in cybersecurity guides are a friendly place to begin, and you’ll find more plain-English breakdowns over on the FutureCybers homepage.
Frequently asked questions
What happens if I just reply to a scam text?
Replying confirms your number is active and monitored, which usually leads to more scam texts, not fewer. Even replying “STOP” can backfire with criminals (it works only with legitimate senders). Report the message to 7726 and delete it instead.
Does forwarding scam texts to 7726 actually do anything?
Yes. 7726 (SPAM) reports the message to your mobile carrier, which uses those reports to identify and block scam numbers. It’s free and takes a few seconds.
Can opening a scam text infect my phone?
Simply reading the text is almost always harmless. The danger starts when you tap the link or download an attachment. Treat the link as the trap and you avoid most of the risk.
How do scammers know my name and what I ordered?
Usually from earlier data breaches and leaked marketing lists, not because they hacked you personally. They blast huge lists and use AI to make messages look personal, so a text knowing your name doesn’t mean it’s real.
FutureCybers is a participant in the Amazon Services LLC Associates Program. As an Amazon Associate we earn from qualifying purchases.