You’re sitting on the couch, maybe halfway through a Netflix show, when your phone buzzes. It’s a text. Something about a toll road payment you missed or a "problem" with a USPS package delivery. It looks official. It feels urgent. But before you tap that link, you need to know that the FBI warns about texting scams that are currently draining bank accounts across the country.
They call it smishing. It's a clumsy name for a dangerous problem.
Basically, it’s SMS phishing. Scammers are sending out millions of these messages every day, betting on the fact that we’re all a little distracted. We live on our phones. We trust our message inbox more than our email because, honestly, our email is already a disaster zone of spam. But that trust is exactly what the FBI is worried about right now. The Internet Crime Complaint Center (IC3) has seen a massive spike in reported losses from these types of mobile-specific attacks. It's not just "Nigerian Princes" anymore; it's sophisticated social engineering that looks like it's coming from your own bank or a government agency.
The Anatomy of the Current Smishing Wave
Why is this happening now? The technology to send bulk texts has become dirt cheap. Scammers use "sim boxes" or web-based platforms to blast thousands of messages for pennies. The FBI warns about texting campaigns that specifically leverage "fear of missing out" or, more effectively, "fear of getting in trouble."
Take the recent SunPass or E-ZPass scams. People in Florida, New York, and Pennsylvania started getting texts saying they owed $12.50 in unpaid tolls. The message warned of a $50 late fee if they didn't pay immediately. The link looked legitimate—something like "https://www.google.com/search?q=sunpass-tolls-service.com." People clicked. They entered their credit card info. And just like that, the scammers had everything they needed to go on a shopping spree.
It's a numbers game. If they send 100,000 texts and only 1% of people click, that’s 1,000 victims. If each victim loses $500, the scammers just made half a million dollars from a single afternoon of work.
💡 You might also like: Inside of a train engine: What actually happens under the hood of a 400,000-pound beast
FBI Warns About Texting: The Red Flags You’re Missing
The most dangerous part of these texts is how they mimic the flow of our actual lives. We all order stuff online. So, when a text arrives saying "USPS: Your package is on hold due to a missing house number," it feels plausible. You might have actually ordered something yesterday.
But look closer.
The FBI points out that government agencies—like the IRS, the Social Security Administration, or the FBI itself—will almost never initiate contact via text message. They certainly won't ask for your social security number or a payment in cryptocurrency over an SMS thread.
Common Scenarios to Watch For:
- The "Bank Alert" Scam: A text says there is "unusual activity" on your account. It asks you to click a link to "verify" your identity. This link leads to a clone of your bank's login page. You type your username and password. Now, the scammer has them.
- The Wrong Number Hook: "Hey, is this Sarah? I'm in town for the weekend." This feels innocent. You reply saying "Wrong number." They reply back being "super nice" and try to strike up a conversation. This is the start of a "Pig Butchering" scam, a long-term play where they eventually convince you to invest in fake crypto platforms.
- The Job Offer: You get a text about a high-paying remote job. All you have to do is "transfer some funds" or pay for "startup equipment." It’s fake.
The grammar in these messages is getting better, too. It used to be easy to spot a scam because of the broken English. Not anymore. With AI tools, scammers can write perfectly professional-sounding messages that bypass your "this feels sketchy" filter.
Why Technical Solutions Aren't Enough
You might think your phone carrier should be blocking these. They try. T-Mobile, Verizon, and AT&T have filters, but it’s a game of cat and mouse. Scammers rotate through thousands of "spoofed" numbers. By the time a number is flagged as spam, they’ve already moved on to the next one.
Encryption is another hurdle. Because services like iMessage or WhatsApp are end-to-end encrypted, the carriers can’t actually see the content of the message to scan it for malicious links. The security feature that protects your privacy also protects the scammer's payload.
The FBI warns about texting because the weakest link in the security chain is the human being holding the phone. We're prone to "active response." When our phone pings, we check it. When a message says "Urgent," we feel a spike of cortisol. That physical reaction makes us more likely to click before we think. It’s a psychological hack, not just a technical one.
✨ Don't miss: Is the Samsung 980 Pro 2TB SSD still the best choice for your PC?
The Real Cost of a Single Click
What actually happens if you click? It’s usually one of two things.
First, the "Credential Harvest." The link takes you to a fake site that looks like a real one (Netflix, Amazon, Chase Bank). You "log in," and they steal your credentials. If you use the same password for everything, they now have access to your whole digital life.
Second, the "Malware Injection." This is rarer on iPhones but more common on Android. The link triggers a download of a small file that sits in the background. It can log your keystrokes, record your screen when you open financial apps, or even intercept the Two-Factor Authentication (2FA) codes sent to your phone. This is why the FBI is so adamant about not even clicking the link to "see where it goes." Even a visit to the site can give scammers data about your device, your location, and whether your number is "active."
How to Protect Yourself Right Now
If you get a suspicious text, the best thing to do is... nothing. Don't reply "STOP." Don't call the number. Just delete it.
👉 See also: Is the 2017 Model S 90D the Best Used Tesla You Can Actually Buy?
If you're actually worried that your bank account is locked or your USPS package is stuck, go to the source. Open your browser and type in the official website address yourself. Call the number on the back of your actual credit card. Never use the contact info provided in the text.
The FBI suggests reporting these messages to 7726 (which spells SPAM). This helps carriers identify and block the numbers involved in the campaign. It won't stop the scam overnight, but it adds to the collective data used to protect everyone else.
Practical Next Steps to Secure Your Phone
To stay ahead of the curve and follow what the FBI suggests, you should implement these layers of defense immediately:
- Enable "Filter Unknown Senders": On iPhone, go to Settings > Messages and toggle on "Filter Unknown Senders." This puts texts from people not in your contacts into a separate list and disables links from being clickable until you move them to your inbox.
- Use a Password Manager: If you do accidentally click a link and land on a fake site, a password manager won't recognize the URL and won't auto-fill your password. This is a massive safety net.
- Switch to App-Based 2FA: Stop using SMS for your security codes. If a scammer manages to "SIM swap" you or use malware to read your texts, your 2FA is useless. Use an app like Google Authenticator, Authy, or a hardware key like a YubiKey.
- Report to the IC3: If you’ve actually lost money, don't be embarrassed. File a report at ic3.gov. It’s the only way law enforcement can track the scale of these operations and potentially claw back funds if the report is filed quickly enough.
The reality is that your phone number is public information. It's been leaked in a dozen different data breaches over the last decade. You can't stop the texts from coming, but you can change how you react to them. Treat every unsolicited text with a healthy dose of skepticism. If it feels urgent, it’s probably a scam. Real problems usually arrive via a physical letter or a secure message inside your banking app—not a random text from a 10-digit number you don't recognize.