You get a text that looks like it’s from USPS: “Your package cannot be delivered. Update your address here.” Or from your bank: “Suspicious activity detected on your account. Verify now.” Or from a toll company: “You have an unpaid toll of $4.35. Pay immediately to avoid a $50 late fee.”
None of these are real. They’re text message scams — also called “smishing” (SMS + phishing) — and they’re exploding in 2026. Americans received over 225 billion spam texts last year, and the scams are getting more convincing by the day.
This guide explains how text message scams actually work, why scammers have your phone number in the first place, and how to protect yourself at the source.
In this guide:
- The most common text message scams in 2026
- How to spot a scam text instantly
- Why scammers have your phone number
- How to stop scam texts at the source
- What to do if you’ve already clicked a scam link
The root cause: Scammers have your phone number because data brokers are selling it. Run a free Optery scan to see how many sites have your number listed right now — then remove it.
The Most Common Text Message Scams in 2026
Text message scams follow predictable patterns. Here are the ones hitting phones right now:
Fake package delivery texts. “USPS: Your package could not be delivered. Click here to update your address.” These explode during holiday shopping season but run year-round. The link leads to a fake site that captures your personal information or installs malware.
Bank and financial alerts. “Chase Bank: Unauthorized transaction of $847.00 detected. If this wasn’t you, click here immediately.” The urgency is designed to override your judgment. The link leads to a fake banking login that steals your credentials.
Toll and parking fee scams. “You have an unpaid toll of $4.35. Pay within 24 hours to avoid a $50 penalty.” These are particularly effective because the amount is small enough to seem believable, and the penalty creates urgency. The payment page steals your credit card information.
IRS and tax scams. “IRS: Your tax refund of $1,284 is pending. Verify your identity to receive payment.” The IRS never contacts you by text message. These spike during tax season and target people expecting refunds.
“Wrong number” romance scams. “Hey, are we still on for dinner tonight?” When you reply “wrong number,” the scammer strikes up a friendly conversation that eventually leads to a romance scam, investment scam, or request for money. These are often run by organized criminal operations.
Job offer scams. “Work from home and earn $5,000/week! Reply START to learn more.” These lead to fake job applications that harvest your personal information, or advance-fee scams that ask you to pay for training or equipment.
Prize and lottery scams. “Congratulations! You’ve won a $500 Amazon gift card. Claim it here before it expires.” The link either installs malware or asks for personal details to “verify” your prize — which is used for identity theft.
Account verification scams. “Your Apple ID has been locked due to suspicious activity. Verify here to restore access.” These impersonate tech companies and steal your login credentials. Once they have your Apple ID or Google account, they can access everything.
How to Spot a Text Message Scam Instantly
Even sophisticated text message scams have telltale signs:
It creates urgency. “Act now,” “immediately,” “within 24 hours,” “your account will be suspended” — legitimate companies don’t pressure you through text messages. If a text makes you feel panicked, that panic is manufactured.
It contains a link. This is the biggest red flag. Legitimate companies rarely send clickable links via text. Your bank wants you to open their app or type their URL directly — not click a link in a text. If there’s a link, assume it’s a scam.
The link looks wrong. Scam links use domains that look similar to real ones: “usps-delivery-update.com” instead of “usps.com,” or “chase-secure-alert.com” instead of “chase.com.” Some use URL shorteners (bit.ly, tinyurl) to hide the real destination.
It asks for personal information. No legitimate company asks for your SSN, credit card number, password, or bank account details via text message. Ever.
It comes from a regular phone number. Legitimate businesses typically send texts from short codes (5-6 digit numbers) or verified business numbers. A scam often comes from a regular 10-digit phone number.
It mentions something you didn’t do. A package you didn’t order. A toll you didn’t drive through. A transaction you didn’t make. If the text references something that doesn’t match your recent activity, it’s a scam.
The golden rule: when in doubt, go directly to the source. If a text claims to be from your bank, don’t click the link — open your banking app or type your bank’s URL directly into your browser. If there’s really an issue, you’ll see it when you log in normally.
Why Scammers Have Your Phone Number
Here’s the question most text message scam guides skip: how do scammers get your number in the first place?
Data brokers sell it. This is the biggest source. Your phone number is listed on an estimated 200-600+ data broker sites right now — packaged with your name, address, and other personal details. Scam operations buy these lists in bulk and blast texts to every number. Run a free Optery scan to see how many sites have your number.
Data breaches expose it. When companies get hacked, your phone number (along with your name and email) gets leaked into criminal databases. Those databases are used to target you with personalized scam texts.
You entered it on a form somewhere. Every online purchase, loyalty program, contest entry, and app signup that asked for your phone number is a potential source. Companies share and sell your information — and some of it ends up with scammers.
Random number generation. Some scammers don’t target specific people — they blast texts to every possible phone number in a given area code. But the most dangerous scams are the personalized ones, where the scammer knows your name and other details from data broker sites.
The more personal information available about you online, the more convincing scam texts become. When a scammer knows your name, bank (inferable from your location), and recent activity (from data brokers and social media), their texts feel legitimate.
How to Stop Text Message Scams at the Source
Blocking individual spam numbers is like playing whack-a-mole — scammers rotate through millions of numbers. Here’s how to actually reduce text message scams:
Step 1: Remove Your Phone Number from Data Broker Sites
This is the most impactful step. When your phone number is removed from data broker databases, scam operations can’t buy it in bulk lists anymore. Users who remove their numbers consistently report significant reductions in spam texts within 1-2 months.
Optery — Our top recommendation. Free scan to see where your number is listed. Paid plans ($39-$249/year) automate removal from 350+ data broker sites with continuous monitoring. Read our full Optery review →
Incogni — Best budget option. Covers 180+ data brokers for $6.49/month billed annually. Read our full Incogni review →
Step 2: Enable Spam Filtering on Your Phone
iPhone: Settings → Messages → toggle on “Filter Unknown Senders.” This moves texts from unknown numbers to a separate tab so they don’t trigger notifications.
Android: Open Messages app → Settings → Spam protection → toggle ON. Google’s spam detection automatically identifies and filters suspected scam texts.
Samsung: Messages → Settings → Block messages → toggle on spam filtering.
Step 3: Use a Secondary Phone Number
Get a free Google Voice number and use it for online forms, signups, deliveries, and anything that doesn’t absolutely need your real number. If scam texts hit your Google Voice number, it doesn’t matter — your real number stays clean.
Step 4: Report and Block Scam Texts
Forward scam texts to 7726 (SPAM). This reports the number to your carrier’s spam database, helping protect other users.
Block the number. On iPhone: tap the number → Block this Caller. On Android: tap and hold the message → Block. This prevents that specific number from texting you again, though scammers will use different numbers.
Report to the FTC. File a complaint at reportfraud.ftc.gov.
Step 5: Never Reply — Not Even “STOP”
This is critical. Replying to a scam text — even with “STOP” or “unsubscribe” — confirms to the scammer that your number is active and monitored by a real person. This makes your number MORE valuable, not less. You’ll get MORE scam texts, not fewer.
The only exception: texts from legitimate businesses you actually signed up for. For those, “STOP” works as required by law.
What to Do If You Clicked a Scam Text Link
If you already tapped a link in a text message scam, act fast:
Don’t enter any information. If you clicked but haven’t entered anything, close the page immediately. You may be okay — many scam sites need you to actually submit information to do damage.
If you entered login credentials: Change the password on that account immediately. Enable two-factor authentication. Check the account for unauthorized activity.
If you entered payment information: Contact your bank or credit card company immediately. Request a new card number. Monitor your statements for unauthorized charges. Freeze your credit if the scam captured your SSN or extensive personal details.
If you entered personal information (SSN, date of birth, address): Freeze your credit immediately with all three bureaus. File an identity theft report at IdentityTheft.gov. Monitor your credit reports for new accounts you didn’t open.
Run a malware scan. Some scam links install malware on your phone. Run your phone’s built-in security scan or install a reputable security app and scan your device.
Remove your data from broker sites. If scammers already have your phone number and personal details, removing that information from data broker sites limits what they can do with it. Run a free Optery scan to see your exposure, then use Optery or Incogni for automated removal.
Why Text Message Scams Are Getting Worse
Text message scams are growing faster than email phishing for several reasons:
Texts feel more personal than email. You expect spam in your email inbox. But a text message feels like it’s meant specifically for you — especially when it uses your real name (which scammers got from data broker sites).
Open rates are near 100%. Most people read every text they receive within minutes. Email open rates are around 20%. Scammers know texts get seen.
Phone screens hide full URLs. On a computer, you can hover over a link to see where it goes. On a phone, the full URL is often hidden — making it harder to spot a fake domain before you tap.
AI makes scam texts more convincing. Scammers now use AI tools to generate grammatically perfect, contextually appropriate scam texts. The days of obvious typos and broken English are ending — modern scam texts look indistinguishable from legitimate ones.
Data brokers provide personalization. When scammers buy your personal information from data broker sites, they can customize texts with your real name, approximate location, and likely bank — making generic scams feel targeted and personal.
Your Complete Anti-Scam Text Action Plan
Here’s everything you need to protect yourself from text message scams:
- Run a free Optery scan — see how many data broker sites have your phone number listed (30 seconds, free)
- Remove your number from data broker sites — use Optery or Incogni to cut off the source
- Enable spam filtering on your phone (iPhone: Filter Unknown Senders / Android: Spam protection)
- Set up Google Voice — use it for all online forms and signups going forward
- Never click links in texts — go directly to the company’s app or website instead
- Never reply to scam texts — not even “STOP”
- Forward scam texts to 7726 to report them to your carrier
The scam texts keep coming because your phone number keeps getting sold. Cut off the supply and the texts dry up.
Frequently Asked Questions
Why am I getting so many scam texts?
Your phone number is listed on hundreds of data broker sites that sell it in bulk to telemarketers and scam operations. It may have also been exposed in a data breach. Run a free Optery scan to see where your number is listed.
Should I reply “STOP” to scam texts?
No. Replying to a scam text confirms your number is active, which makes it more valuable to scammers. You’ll receive more scam texts, not fewer. Only reply “STOP” to texts from legitimate businesses you actually signed up for.
Can scam texts install malware on my phone?
Simply receiving a text can’t install malware. But clicking a link in a scam text can lead to a malicious website that installs malware or tricks you into downloading a malicious app. Never click links in suspicious texts.
How do scammers know my name in text messages?
From data broker sites that publicly list your name alongside your phone number. Criminals buy this information in bulk. Removing your data from broker sites using Optery or Incogni prevents this personalization.
Will blocking scam numbers stop scam texts?
It stops texts from that specific number, but scammers rotate through millions of numbers. Blocking is a temporary fix. The long-term solution is removing your phone number from data broker sites so scammers can’t buy it in the first place.
How do I report a scam text?
Forward the text to 7726 (SPAM) to report it to your carrier. You can also report it to the FTC at reportfraud.ftc.gov. On iPhone and Android, use the built-in “Report spam” option when available.
Is it safe to open a scam text without clicking the link?
Yes. Simply reading a text message is safe. The danger is in clicking links, replying, or calling phone numbers in the text. Read it, recognize it as a scam, and delete it.
This post contains affiliate links. If you purchase through our links, we may earn a commission at no extra cost to you. See our affiliate disclosure for details.