Multiple Faces Detected
January 15th, 2026
Your phone buzzes. Another text. This time it’s about an unpaid toll. Or maybe a missed delivery. You don’t remember owing anything, but the message sounds urgent. Pay now or face consequences.
Stop. Don’t click that link.
The FBI warns iPhone and Android users of smishing text scams that are sweeping across America right now. These fraudulent messages are costing people hundreds of millions of dollars. And they’re getting smarter.
Smishing is basically phishing by text. Scammers send messages pretending to be from companies or government agencies. They want your money. Or your personal information. Sometimes both. The texts look real enough to trick anyone having a busy day.
The scale of this problem is massive. Last year alone, people lost $470 million to text scams, according to the Federal Trade Commission. That’s a 500% increase from 2020. Chinese cybercriminal groups have registered over 10,000 domains to support these attacks. They’re organized. They’re sophisticated. And they’re targeting you.
How These Scams Actually Work
The FBI warns iPhone and Android users of smishing text scams that follow a simple but effective playbook. You get a text. It claims you owe money for tolls. Or your package couldn’t be delivered. Maybe it’s a fake bank alert.
The message creates urgency. Pay now or face late fees. Act fast before your account gets suspended. Click this link immediately.
But that link? It’s trouble.
When you tap it, you’re sent to a fake website designed to steal your information. These sites can look remarkably legit. They copy logos. They mimic the real company’s design. Some even use domain names that look almost right at first glance.
Here’s what happens next. The fake site asks for your personal details. Full name, birthdate, zip code, email, phone number. Maybe your driver’s license number. Or credit card information to “process your payment.”
Once scammers have this data, they can drain your bank account. Open credit cards in your name. Access your other accounts through password reset features. Steal your identity entirely.
The Biggest Red Flags to Watch For
The FBI warns iPhone and Android users about smishing text scams, highlighting several telltale signs. Learn these and you’ll spot trouble fast.
Urgent language. Scammers rush you. They want you to act before thinking. “Pay within 24 hours.” “Immediate action required.” Real companies don’t operate like this.
Weird links. Look closely at the URL in the text. Does it end in a foreign domain? Is it a long string of random characters? Does it use “.top” or “.xyz” instead of “.com”? That’s a scam. Legitimate U.S. toll services and delivery companies never redirect to foreign domains, according to the FTC.
Unknown senders. You get a text from a random number claiming to be from a company. But companies usually text from short codes or known numbers. If it’s from a regular 10-digit number you don’t recognize, be suspicious.
Generic greetings. Real companies use your actual name. Scammers say “Dear customer” or “Valued user.” They don’t have your details yet, which is why they’re phishing for them.
Payment requests via text. Legitimate organizations don’t ask for credit card information through text links. They just don’t. If someone’s demanding payment via text message, it’s almost certainly a scam.
Common Types of Smishing Attacks
Toll road scams. This is the big one right now. Texts claim you have unpaid tolls in states you may have never even visited. The amount is usually small, like $3 to $12. Small enough to seem believable. Not small enough to ignore.
Package delivery scams. These messages say your package couldn’t be delivered. Click here to reschedule. Or pay a small redelivery fee. Of course, you’re not actually expecting anything. But in the age of constant online shopping, it’s easy to second-guess yourself.
Banking alerts. Texts claiming your account has been compromised or frozen. They look like they’re from your bank. But when you check that suspicious phone number, it doesn’t match your bank’s real contact information.
Job offer scams. Messages about positions you never applied for. The “company” wants to hire you immediately. They just need some personal information first. And maybe a small payment for training materials.
Government impersonation. Texts pretending to be from the IRS, Social Security Administration, or other agencies. They threaten legal action if you don’t respond. Real government agencies don’t work like this.
What the FBI Says You Should Do
According to the FBI’s Internet Crime Complaint Center, which has received over 2,000 reports related to these scams, you need to act smart and act fast.
Delete the text immediately. Don’t keep these messages on your phone. The FBI warns iPhone and Android users of smishing text scams to remove them right away. You don’t want that malicious link sitting in your messages, where you might accidentally click it later.
Never click links in unexpected texts. Even if you’re curious. Even if it seems legit. Just don’t. Go directly to the company’s website by typing the address yourself. Or call their customer service using a number you find independently.
Verify before you act. Got a text about unpaid tolls? Log in to your actual toll account through their official website. Message about a package? Check your real tracking information through the retailer’s app. Think your bank account has an issue? Call the number on the back of your card, not the one in the text.
Report it. Forward suspicious texts to 7726 (SPAM). File a complaint with the FBI’s IC3. Report it to the FTC. The more data law enforcement has, the better they can shut these operations down.
Secure your accounts if you already responded. If you clicked the link and entered information, act now. Change your passwords immediately. Contact your bank and credit card companies. Put a fraud alert on your credit reports. Monitor your accounts obsessively for the next few months. Check for any unfamiliar charges or new accounts opened in your name.
Who’s Behind These Attacks?
Research from cybersecurity firms has traced many of these campaigns back to Chinese cybercriminal groups. Organizations like “Smishing Triad” operate sophisticated networks that create thousands of fake domains, send millions of texts, and process stolen data at an industrial scale.
These aren’t amateur scammers working alone. They’re organized criminal enterprises with resources, technical skills, and infrastructure. They buy and sell “smishing kits” that make it easy to launch attacks. They share victim data, and they constantly evolve their tactics to stay ahead of security measures.
The scams started in specific states but have spread nationwide. The FBI notes these operations are “moving from state to state,” adapting their messages to local toll agencies and regional companies.
Protecting Yourself Beyond Just Deleting Texts
Use phone filtering features. Both iPhone and Android have built-in tools to filter unknown senders. Turn them on. You can also use carrier-provided spam protection services.
Be skeptical of everything. If a text creates urgency or fear, pause. That emotional manipulation is intentional. Scammers know that stressed people make mistakes.
Educate family members. Older relatives and younger kids are particularly vulnerable. Make sure everyone in your household knows about these scams. Share this information. It could save them thousands of dollars.
Use comprehensive identity verification. When you need to check if someone is legitimate or verify contact information, use trusted tools. Social Catfish offers reverse phone lookup services that can help you identify suspicious numbers. Their platform searches across billions of data points to verify identities and spot red flags. Unlike trying to investigate on your own, Social Catfish’s tools are specifically designed to uncover scams before you become a victim.
Monitor your financial accounts. Check your bank statements. Review your credit reports regularly. Look for anything unusual. Catching fraud early limits the damage.
Keep software updated. Security patches matter. Those annoying update notifications? They often fix vulnerabilities that scammers exploit. Install them.
Why This Problem Is Getting Worse
Technology makes everything easier, including crime. AI-generated voices can now impersonate people convincingly. Fake websites are harder to distinguish from real ones. Scammers can send millions of texts at minimal cost.
The barrier to entry for cybercrime has dropped dramatically. You don’t need to be a technical genius anymore. You can buy premade scam kits. Rent access to stolen databases. Outsource the entire operation.
And it works. That’s the problem. When people lose $470 million in a year to text scams, criminals notice. More bad actors enter the space. The attacks multiply.
Law enforcement is fighting back, but it’s an uphill battle. Scammers operate internationally. They use cryptocurrency. They hide behind layers of technical infrastructure. Shutting down one operation just means another pops up somewhere else.
Your Best Defense Against Smishing
Education is your most powerful tool. The FBI warns iPhone and Android users about smishing text scams, as awareness can stop these attacks in their tracks. An informed person won’t click that link. Won’t enter their information. Won’t send money.
When you get a suspicious text, trust your instincts. That little voice saying “this seems off” is usually right. Better to ignore a legitimate message and verify through official channels than to fall for a scam.
Think before you click. Every single time.
Social Catfish specializes in exactly this kind of protection. Their platform doesn’t just help you verify phone numbers and identities. It helps you investigate suspicious contacts before they can do damage. With tools like reverse image search, email lookups, and comprehensive background checks, you can uncover scammers faster than they can adapt.
Whether you’re dealing with smishing texts, fake profiles, romance scams, or any other form of online deception, having a trusted verification service makes all the difference. Don’t wait until you’re already a victim to get help.
Taking Action Now
The FBI warns iPhone and Android users of smishing text scams because this threat isn’t going away. It’s growing. Chinese criminal networks are already pivoting to new targets. Next up? Texts impersonating major banks and financial institutions.
But you don’t have to be a victim. Delete suspicious texts. Verify everything independently. Report scams when you see them. Use tools like Social Catfish to check questionable contacts before engaging.
Stay alert. Stay skeptical. And keep your finger off that link.
