The people's voice of reason

How to identify a fake text message: Online skills 101

Quick question: How long does it take you to look at an email after you receive it?  Okay, now how about a text message? For most, it's no contest; we check our emails when we get around to it, but we'll typically look at a text right away. 

That's why many people are receiving a lot more marketing texts lately. Companies have discovered that texts are a powerful way to reach customers and, more importantly, to get a response. Unfortunately, scammers and hackers have learned this, too, so understanding how to identify a fake text message is a modern-day survival skill. 

Spokeo explores six of the most common red flags that can help separate scams from the real thing, as well as what to do if you receive a fake text message.

Why Scammers Have Turned to Text Messaging 

Marketing companies really, really love text messaging these days. Why? Well, largely because almost everyone opens a text—98%, compared to 20% for marketing emails—and about 45% of people will respond, compared to 6% for emails. The numbers vary slightly, depending on the research being looked at, but overall they're very consistent. 

That's also excellent news for scammers. People have gotten pretty good at recognizing email phishing scams for the most part, and while most know to be wary of links in emails, they still haven't yet grown the same kind of mental armor where texts are concerned. In fact, the immediate response to incoming texts is usually curiosity, as opposed to the eye-roll that often greets an incoming email. 

That creates a world of possibilities for scammers, especially given that legitimate organizations are also constantly testing new ways to interact with people by phone.  

How to Identify a Fake Text Message

When everybody and their proverbial dog is texting with offers, updates, and information, how can you know what's real and what's dangerous? 

Well, there are often tell-tale signs that betray a fake text message. Here are some of the big ones: 

1. It seems weirdly random

Phishing messages, by their nature, are seldom targeted to individuals (it does happen, but it's rare). Instead, they're sent out scattershot to thousands of people, on the basis that somebody's bound to fall for it sooner or later. This means that they're often not applicable to you: A message about an Apple account, perhaps, to an Android and Windows user, for example. Those ones are easy to catch, and so are the ones that clearly know nothing about the receiver (maybe a cat food offer to someone who is hideously allergic to pet dander and can't have one). 

Sometimes it's trickier, though. A "delivery failure notice" from the USPS might seem worth clicking, just to see what's going on, even if you weren't expecting a package. And if you received an authentication code for logging into one of your sites, when you're not logging in personally, you might think someone was trying to hack your account. In that case, randomness is actually the feature that drives the scam. 

2. It urgently demands action right now!

This is a hallmark of just about every scam since the dawn of time. There's always, always a hugely urgent reason to act immediately. Depending on the scam, it may come in the form of a carrot—a time-limited flash sale, a prize for the first handful to respond, etc. Or, it may come in the form of a stick—"to avoid suspension of your account," "if you did not request this password change," or "we have detected suspicious activity on your credit card"—to ensure that you react quickly. 

The psychology is simple; if the receiver has to make a snap decision, it's more likely to be a wrong one. 

3. The offer is too good to be true

Sadly, greed (and the desire to get something for nothing) is a fundamental part of human nature, and many people have at least a small streak of it in their makeup. Scammers know this, and appeal to it pretty regularly. Fake marketing messages with ridiculous markdowns are a common ploy, for example (no, you aren't getting Louis Vuitton or a PS5 at that price). 

Those messages saying you've won a contest you don't remember entering are in the same category, and so is the "free gift just for responding." Like grandma said, if it's too good to be true, it probably is. 

4. The language is … off

There's always "that one friend" whose spelling is hopeless and whose texts sound like Yoda after too many drinks. And that's fine coming from a friend, but not in a text that supposedly comes from a legitimate business, financial institution, or maybe even a government agency. In those cases, it's a clear red flag that a text has been composed by a non-native English speaker, or possibly crudely auto-translated from another language. 

The rise of AI tools means that over the next few years, most scammers will be able to craft a persuasive message without knowing any English at all. Even so, not all scammers have access to AI tools, and the tools themselves can spit out some clunky messages on occasion.  The bottom line is that incoherent messages will remain a reliable warning sign for a while. 

5. The phone number may not be in the right format

Take a look at the numbers your last several (non-friend) texts have come from. A lot of the ones from businesses will show a 5- or 6-digit "short code," rather than a regular phone number.  Those ones are usually fine: There's an organization that assigns them, and there's a verification process, so those are usually valid (and can be looked up). You might get spammed from a short code, but probably not scammed. 

Most other numbers will be in the familiar 10-digit format that's standard in the U.S., as you'd expect from a sender that claims to be U.S.-based. Occasionally, there will be numbers that are longer than 10 digits, or formatted differently. Assume these are probably scammers, unless you're legitimately dealing with overseas companies. 

6. There's a link in it

Some legitimate senders will include a link in their text, but they're a small percentage. Phishing messages, on the other hand, almost always include a link. You don't need to be a math whiz to figure out that the odds are in favor of any text message with a link in it being a scam.

Protecting yourself from scam texts

Protecting yourself against phishing texts is a lot like protecting yourself against phishing emails. 

  • Don't click links in unsolicited texts.
  • Don't call any phone number in an unsolicited text.
  • Don't scan a QR code in an unsolicited text (that's a new one that scammers are exploiting now.)

Those are just the starting points, of course.  Another very useful tactic is to visit the sites of organizations you actually deal with on a regular basis and look for the discussion of scams and phishing on their support pages. Frequently impersonated businesses and government agencies, including Amazon, Netflix, PayPal, the IRS, the SSA, and the USPS, all have pages with spam text message examples or explain common scam messages, to help people recognize them. 

Those are important, because knowing what the real organization will and won't do is a valuable tool in recognizing scams. If you already know that the IRS and USPS never send unsolicited texts, for example, it's a no-brainer that the message you're looking at is bogus. 

What to Do if You Receive a Phishing Text 

The quickest, simplest response to a fake text is simply to block the sender, delete the text, and forget about it. Most phones and carriers will offer several options for call/text blocking (methods will vary, but they're easy to look up), and you can also install phone apps that provide varying degrees of screening and blocking for calls and texts. 

Many companies and government agencies provide the option of forwarding the suspect text or sending them a screenshot, so they'll have it on file. It's important for them to know which scams are making the rounds, and it may help others avoid the same scam. Consider reporting it to the FTC's Report Fraud website or the FBI's Internet Crime Complaint Center, for the same reasons.  

Realistically, it's not exactly news that the internet is full of scammers who are out to get people, and knowing that they're using text messages now doesn't change the equation a whole lot. There's no magic to text messages, no "secret sauce" that makes them especially dangerous. They work because people are less likely to be wary of a text than an email, period. So be wary.

 

Reader Comments(0)