It can be challenging to spot text scams among the dozens of legitimate smartphone alerts you receive and respond to instantly for work, doctor appointments, mobile banking and more.
That’s why, in 2024, Americans reported $470 million in losses to the FTC from smishing attacks (text-based phishing attacks). This was more than five times what victims reported losing in 2020. Since most victims don’t report fraud, the amount lost is likely significantly higher.
Here are the top smishing scams to be aware of in 2025
Notice of unpaid tolls
The FBI’s Internet Crime Complaint Center received over 60,000 complaints about fake unpaid toll text scams last year. And, in 2025, this smishing scam is only trending upward. In February, McAfee, a security provider, detected four times as many unpaid toll scams as it had in January.
These scams seem to be targeting victims based on location, so people who live in larger metropolitan areas are seeing this type of text scam at the highest rates because those in these cities are most frequently subjected to toll fees.
Package delivery issues
Texts sent to notify recipients of package delivery issues were among the most common smishing attacks in 2024. A text supposedly from FedEx, the U.S. Postal Service or another major shipping company will ask the victim to pay a “redelivery fee” or to share personally identifiable information for “verification purposes.” The victim then unknowingly hands over their address or bank account information to a bad actor.
Now, the more sophisticated “brushing scam” is rising rapidly. For this type of attack, a bad actor obtains your physical address through a previous data leak and mails you something you didn’t order. They then prompt you to scan the package’s QR code on your phone, leading you to a phishing website or malware download.
Fake job opportunities
Fake job opportunities have risen dramatically, likely due to the tech-driven gig economy. Between 2020 and 2024, reported losses from job scams increased from $90 million to $501 million. While email was the most common method for this kind of attack, bad actors also scammed their victims through smishing and through phone call phishing, also known as “vishing.” Job opportunity smishing attacks usually start with an unexpected text message offering work without getting into specifics.
A victim of this attack might be offered a job to perform a repetitive task such as liking products on online marketplaces or apps in an app store. They may even see a small payout, creating a false sense of legitimacy. Eventually, victims will be told they must pay a fee to continue receiving the money they earned—only to never be paid afterward.
How to spot a smishing scam
How can you spot a smishing scam? Sometimes, an urgent-sounding text from an international number or a random email address obviously looks fake. But some smishing attempts may include a phone number that appears to be associated with a legitimate service. They might link to a website with a domain like .vip, .top or .tk or to a shortened domain.
To verify if an alert is legitimate, visit a service’s website and use the contact information provided on the page to reach the provider. You can also find out what information the provider will ask for in a text. For example, no legitimate service will require you to provide your social security number through a text message.
As a general rule, never respond to an unexpected text. And don’t click on any links in the message. You can also go to the Better Business Bureau Scam Tracker to see if someone else has already reported the scam.
If you spot a smishing attempt, forward the message to 7726 (SPAM). This helps your phone provider catch similar messages in the future. Then, report spam in the iMessage app if you’re an Apple user or the Google Messages app if you’re on Android.
Lastly, report the smishing attack to the FTC at ReportFraud.ftc.gov.
What to do if you’ve fallen for a smishing scam
If you did respond to a smishing scam, there are some steps you can take to protect yourself.
If you paid a scammer, you can contact the bank, credit card company or gift card issuer you used to reverse the transaction. If you mailed cash, in some cases you can call the postal service to have the package intercepted.
Change any username or password that you shared with the bad actor. If you shared your social security number with the scammer, you can also reach out to IdentityTheft.gov to monitor your credit score for fraudulent activity.
Using a keen eye, awareness and these tips, you can help protect yourself from text scams and safeguard your personal information. If you’re not familiar with the sender of a text message and something feels off, trust your gut instinct, block the sender and delete the text message without engaging in any way.
Photo by fizkes/Shutterstock
