[PHONE SCAM ALERT] Dodge the Digital Bullets

Don't Get Phished by a Smish

Did you get a text message that just feels a bit off, or has an urgent call to action? Put the phone down, back away slowly, and learn about smishing before you respond.

Smishing is phishing by text message or messaging app, rather than email. Instead of lurking in your spam folder, these scams show up in your messaging feed, often copying the look and language of banks, delivery companies, or even someone in your contacts list. The aim is getting you to click a link, respond, or give up sensitive info while you’re distracted. And in 2025, attackers have gotten creative, texts arrive late at night, use official-looking logos, or reference current events to look “timely.”

You might see:

• “Unusual activity on your bank login, click here!”


• “Your Amazon package was delayed. Tap to reschedule.”


• “Win big in a holiday sweepstakes!”

Sometimes, scammers even hijack a friend’s account or spoof their number. Suddenly you’re getting odd requests for cash or payment apps from someone you know, a person that would be easy to trust if you don’t pause to double-check.

How Smishing Scams Work Now

1. Shortened URLs and Phony Links: Scammers use bit.ly, tinyurl, and strange domains so you can’t see the real web address. The site may look almost perfect, but really it’s a trap.


2. Impersonation: Messages mimic big brands, package shippers (UPS, FedEx, Amazon), banks, or common apps. They're packed with urgency and friendly language, sometimes with typos or odd formatting meant to blend in.


3. Social Engineering: New attacks may scrape details from your social media to make alerts look relevant, referencing sports scores, weather, even local events.


4. Survey and Contest Scams: “Win a free phone!” just share private details or click through several screens. The only real thing is the risk.

One baseball fan got a “UPS delay notice” the same week he was expecting game-day memorabilia. The site he was directed to was not UPS, but a scam demanding credit card info. He was almost fooled, but saved himself a grand slam of trouble by double-checking with the actual UPS app.

Another example: A Venmo request from a friend who "lost her phone," urgently asking for money. A quick call before sending money revealed that the sender was unaware she had been hacked.

Spotting the Scams

Smishing works because it blends urgency and authenticity. Here’s what to look for:

• Demands for immediate action, anything “urgent” should be slow-walked with suspicion.


• Links that look short, awkward, or full of extra dashes.


• Requests for sensitive info, passwords, credit cards, or Social Security number by text.


• “Delivery” or banking alerts you weren’t expecting, or from a sender who’s slightly off.


• Messages from friends that don’t sound like them or seem out of context.

In one recent case, a man got a late-night “Wells Fargo” security alert, but instead of clicking, he opened the real banking app, and found no alerts, no drama. The scammer was blocked and a fraud report filed to the bank and FTC.

Below are more example/typical smishing texts. Note the patterns: fake URLs, fear of loss, and urgency to act.

• “Your Chase account has been locked due to suspicious activity, please verify your info at chase-secure.com”


• “Final notice, package delivery failed, reschedule at ups-trackinfo.com/12345”


• “Bank alert, unusual withdrawal detected, click here to confirm: tinyurl.com/banksecure”


• “Congrats, you’ve won a $100 Amazon gift card, claim now at amzn-prizes.com”


• “Hi Mom, I lost my phone, can you send money via Venmo to my new number?”


• “Your Netflix subscription has expired, avoid interruption by updating here: netflix-fix.com”


• “Important, your Social Security number has been suspended, call 888-123-4567 immediately”


• “FedEx: Your shipment is on hold, please provide delivery details: fedex-verify.com”

Defense Strategies You Can Use

Avoid suspicious links. Go directly to apps or official websites when something seems odd. Skip the provided link and login yourself. Double-check senders. If a friend asks for urgent cash or sensitive info, confirm with a call or a separate chat. Use multi-factor security. Even if your password gets stolen, the scammer hits a wall. Update your devices. Old phones and apps can have holes that new scams exploit. Block and report. Both iPhone and Android let you shut down numbers and report messages.

Practical tip: If you're unsure, screenshot the message before deleting or reporting. It helps if you need to alert your carrier or the impersonated company.

Steps to Report a Smishing Attack

1. Don’t reply, not even with “STOP.”


2. Take a screenshot as proof.


3. Forward suspicious texts to 7726 (SPAM) for most U.S. carriers.


4. Notify the impersonated company via their official website or support.


5. Block the sender after reporting, it’s usually enough to stop further attacks.


6. File official complaints at IC3.gov or FTC.gov if personal information is exposed or you think many people might be affected.

Mobile phishing and smishing are getting more sophisticated, but you don’t need to be a tech expert to stay ahead. Slow down before tapping, check out-of-the-blue alerts, and keep your guard up for anything that’s urgent but off-script. Real-world prevention is about small steps... verify, question, and report, so you can keep life moving without giving up your private info or peace of mind.

Have you spotted a scam? Post a comment and share the story here, it’s the quickest way to help someone else dodge a bullet.