As soon as I sat down to write this I received a text that simply said “Hello”. In another era, I might have been intrigued by the mystical messages from unknown numbers. Maybe I was curious who wanted to say hello. However, this is not the first time I've played this game.
Fraud texts are the growth of a multi-billion dollar industry. As robocalls become less common – partly thanks to the 2009 law that forced telcos to stop them – text fraud complaints from 2015-2022 Increased by 500%. It was sent on a given day and the problem has gotten worse. It's not just being bombarded with more text fraud than ever. The text is also beginning to be really refined.
I would like to say I've never clicked a spam text link, but I'm lying. Maybe it was about a mysterious package or unpaid parking ticket, or some political issues. That's not really important. Nowadays, much of our personal data has appeared online, and with the help of AI, text fraud is becoming smarter, more targeted and more dangerous. The software needed to stop spam text is overtaken by the software used to generate them.
That's the bad news and the worst news. The good news is that so far, humans are smarter than machines. A combination of familiar software and software can reduce your exposure to text fraud, or at least your chances of becoming a victim of fraud.
Looking back, Robocalls doesn't seem that bad
Another text scam I got this week includes a link to pay and a suspected unpaid toll with a friendly sign-off (“Toll Road Team wishes you a great day” Masu!”). By chance, I borrow money from someone due to unpaid tolls, but that's not the “Toll Roads team.” The link in the text ending with “.world” was the biggest red flag. I didn't click this link, but if the text was more personalized – perhaps using my name or mentioning that the toll was in New York, where I live – maybe I You'll have it.
This is where we are heading. Common scams such as involving unpaid fines, job seekers, IRS, and packages without withdrawals can be exponentially dangerous when you include personal information such as emails and home addresses. And following years of data breaches, the amount of data about you has increased for fraudsters to take advantage of. On the other hand, generative AI makes it easy for bad actors to create large-scale, compelling, typo-free messages. Sometimes all you have to do is read the text to give the scammers more leverage.
Common scams such as those involving unpaid fines, recruitment officers, IRS, and packages without withdrawals can be exponentially dangerous when including personal details.
“Depending on what your read receipt looks like, the bad guys may know you've opened the text,” says Teresa, the consumer watchdog of the US PIRG Education Fund. Murray told me. “And God is forbidden. You click on links, etc., call the number in the text, and head to the race.”
There are multiple ways that scammers can win here. Clicking on the link allows you to be fooled to give them money or misunderstood as if you give up more personal information. This is the unique currency of the fraud market. Many text fraud is also a phishing scheme, with links pointing to web pages designed to steal login credentials. At best, clicking on the link will prove to the bad actor who is alive and will follow the plan.
The total amount lost to telephone scammers in 2024 exceeded $25 billion, bringing an average of around $450 per victim. Elderly people are less likely to actually fall into certain scams. This is mainly because I learned not to pick up a cell phone. The majority of Americans over the age of 65 say they don't answer if they don't know the number, and 57% of the same group don't name the public and call the registry. 2003 – According to a recent report from call blocking service Truecaller.
Young Americans are making that worse. The same report shows that people between the ages of 18 and 44 are three times more older Americans who fall into phone scams that contain spam texts, with 25% of the group reporting victims I did. Only 30% say they haven't called the registry.
What you can and cannot do to escape text fraud
The registry is not very useful to reduce spam text, as it is designed to stop unnecessary calls from telemarketers. Moreover, many of these texts come from overseas, and scammers running SIM farms in Southeast Asia without international telephone police patrol the lines, are mobile with alerts about unwanted packages of mental content You can blow up the phone.
Sim Farms, also known as Phone Farms or Sim Banks, is a system equipped with multiple SIM cards that can send numerous texts and calls at the same time, and only costs hundreds of dollars to set up. It's virtually free for scammers to get their phone numbers, and unlike robocalls that occur in real time, spam text is sent in a huge batch in an instant. If a number is blocked, the scammer can start using the new number and continue spam. Nowadays, you can also use generative AI to create more persuasive, personalized messages.
Meanwhile, telephone companies have fewer regulatory requirements to protect their customers from these spam texts. The Traced Act, which took place in 2021, provided the Federal Communications Commission (FCC) tool to prevent robocalls, including a caller ID verification framework called Stim/Shaken. However, it was not until 2024 that the FCC established the first rule specifically targeting spam text.
You'd think stopping spam text is just as easy as using a spam filter, as email providers have been doing for decades. But texting isn't as sophisticated as email technology. Basic technology – SMS, or short messaging services – dates back to the 1980s and is hardly safe.
“SMS doesn't have built-in security controls, such as email authentication protocols,” Adam Meyers explained in an email as counter hostile operations manager for cybersecurity firm Crowdstrike. “At the time telephone personnel and software makers implement filters and blocking mechanisms, the enemy is constantly evolving their tactics.”
The challenge is to eliminate unnecessary messages without blocking legitimate messages. This means distinguishing text from friends, banks, Doordash drivers, or new friends who are not yet in their spam text contact list.
Many businesses and organizations use short code to send a large amount of legitimate messages. It also governs how it interacts with these texts, using five or six digits that must be registered with CTIA, the Wireless Industry's Trade Association.
Pro Tip: Don't delete trustworthy messages
You'll probably receive a lot of automated messages from reliable sources, such as pharmacies, banks, food delivery services, and more. It also includes verification codes when using phone numbers for two-factor authentication, as well as short code text containing political campaigns.
Do not delete these messages immediately. In this way, if you receive a new message from a trusted source, you will see it in the same thread and spare the stress of wondering if it's a real deal. “Even better: go ahead and label it and put it in contact,” said Teresa Murray of Pirg. “And if you get what looks like a verification code from XYZ Bank, it's not coming from a saved contact, so it could be a red flag for you.”
Unfortunately, fraudsters don't care much about the laws and regulations. Also, telephone companies do a lot just to combat the never-ending torrent of spam text. It's expensive to build a filter that can keep up with the fraudster's way, and some carriers include tools for the cost of service. Others will request better tools. For example, Verizon offers basic filters for free, while the “Plus” filter offers an additional $4 a month.
“It's a real job to do this,” Alex Quilici, CEO of call blocking service Youmail, told me. “I'm sympathetic, but there are some pretty difficult issues with my career.”
When it comes to avoiding text scams, there are options. In addition to what the carrier offers, there are apps such as TrueCaller, TextKiller, Robokiller, and Hiya.
I have never paid for any of these services so I can't say how well they work. Not responding to a mobile phone remains a solid way to avoid robo collars. Caller IDs can be easily spoofed, so don't pick them up if you're not expecting a phone call. If in doubt, skip the call and call a legitimate number.
You can also report scammers to the FCC by forwarding the message to the 7726. You can report any kind of fraud to the FTC or the state attorney general.
Most importantly, it's not about engaging with scammers. Even if they say “hello” and appear to be friendly, even responding or reading spam texts makes you feel like you're a real person and targeted to a bad actor I'll tell you. For now, know that you're smarter than AI and ignore it.
A version of this story was also featured in the Vox Technology Newsletter. Sign up here Don't miss the next one!
