Skip to main content
  1. Home
  2. Mobile
  3. Features

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

It’s not just you, SMS spam is a nightmare right now

Andy Boxall
By

No, it’s really not just you. There are more spam SMS messages flying around than ever before. It doesn’t matter where you live or what phone you own, spam text messages trying to con you out of money are everywhere. They vary between convincing and not-at-all convincing, and are often a seemingly endless and annoying interruption.

Why do these messages keep appearing, what are they trying to gain, and how much of a problem is it?

Recommended Videos

Huge numbers mean big problems

Research from spam call and text-blocking company RoboKiller indicates SMS spam in the U.S. increased by 28% between February and March alone this year, with an almost unfathomable 11 billion spam text messages sent during March. It’s the most the company has seen since its records began in 2017, and puts 2022 on target to easily beat 2021’s estimated total of 86 billion spam SMS message sent.

A spam SMS message on a phone.
Andy Boxall/Digital Trends

TrueCaller, a caller ID and spam-blocking service, puts the average number of spam SMS received by one person in the U.S. at 16.9 messages per month. Similarly huge numbers are seen all over the world. In mid-2021 in the U.K., the country’s telecoms regulator Ofcom stated that 45 million people had received a spam SMS over a three-month period.

Related

The massive numbers involved mean that even if only a tiny percentage are lured into clicking a link in the message, a lot of people are opening themselves up to a scam and potentially having money stolen. In the Ofcom report, it’s that stated 2% of the 45 million people who received a spam message interacted with it, and that’s around 900,000 people.

The exact real-world cost of SMS-based fraud isn’t known, but TrueCaller’s data estimates a staggering 59 million people in the U.S. lost money due to a phone-based (that’s SMS and calls) scam during 2021, while a report from Javelin Strategy & Research showed identity fraud scams, which come from SMS, calls, and email, had a per-victim cost of $1,029 in 2021.

Delivery scams are common

You’ll probably be more aware of spam SMS messages that claim to come from a known or reputable company, with a link for you to follow in order to correct a problem or collect a prize. The lure is usually related to money, a product that’s waiting for you, or a desirable service. But how do they achieve this goal? Understanding it is a big step in preventing yourself from being scammed by SMS.

Cybersecurity company Malwarebytes has a great breakdown of a common spam SMS message you may have seen recently. Supposedly from the U.S. Postal Service, the message will tell you a package could not be delivered, and you should follow a link to arrange delivery. Similar spam messages could come from other delivery companies and couriers, or relate to the cancellation of a service, or to insurance or medical costs.

The average amount lost to scams like this is 4,500 British pounds, or about $5,850

The link may lead to a convincing, but fake, website where you will be asked to fill in your personal details and potentially pay a fee, which is supposedly for redelivery in the case of the U.S. Postal Service SMS. All of this is a scam, designed to either collect your personal details so they can be used for further scams or resold to other scammers, or to directly collect money fraudulently.

A study in October 2021 by U.K. bank TSB found 81% of scam SMS messages were related to deliveries, and highlighted another way these scams operate. If you follow the link and provide your details, the scammer may then call you and impersonate your bank’s fraud team, trying to persuade you to place your money into a fake “safe account” after filling in the fake delivery form. The bank says the average amount lost to scams like this is 4,500 British pounds, or about $5,850.

“Clicking on a link in an SMS might seem like a small act, but it could be the beginning of your life savings being stolen from you,” the director of TSB’s fraud prevention team told The Guardian.

What do scam messages look like?

Think you can always recognize a spam SMS? Some can be very convincing, and when you’re busy or expecting a similar genuine message, it’s quite easy to be fooled. The three messages you see below are examples of spam SMS messages sent to one of our editors, and give you a good idea of what to look out for.

Examples of SMS spam.
Image used with permission by copyright holder

The Amazon Prime message is grammatically convincing, spelled correctly, and entirely believable. However, the giveaway that it’s fake — outside of the fact that Amazon won’t send you an SMS message like this — is the use of a URL shortener, which obfuscates where the link will actually take you if you click it. It won’t be Amazon’s website, but a fake version designed to harvest your details, just like the U.S. Postal spam message described above.

The Netflix message is notable because it uses nonstandard fonts. These are designed to circumvent your phone network’s spam filters, so although the message looks odd to us, it won’t be automatically scooped up by an automated filter. It’s the same tactic for spam messages that arrive with irregular spacing between characters.

Can they be stopped?

At a network level, it’s very difficult to stop SMS spam. Verizon recently outlined the steps it has taken to thwart SMS spam before it reaches your phone. Tools include network monitoring to identify unusual activity from new numbers, along with filters to block messages. Verizon says it has stopped a grand total of 20 billion spam calls from reaching phones, but does not list how many messages it has blocked.

Unfortunately, it’s relatively simple for criminals to set up a “SIM farm” to send multiple spam messages, so no matter how many are blocked, more are usually right behind them. The U.K. consumer watchdog group Which? wrote the following in its overview of the spam problem:

“At a basic level, scammers can use computers to generate combinations of numbers and send messages in bulk using ‘SIM farms’ — devices that operate several SIM cards at a time. The equipment and software are available online, and anyone can pick up cheap pay-as-you-go SIMs with unlimited free texts.”

Random numbers sending spam SMS is one thing, but fraudsters are clever. Many messages arrive and appear to be from legitimate businesses, increasing credibility and the chances of success. This is due to the way mobile networks operate, and a specific protocol called Signaling System 7 (SS7), which can be exploited to show a different number than the one actually being used to contact you.

According to network security and fraud experts BICS, a company based in Brussels, speaking to the BBC on the subject last year, networks are still reliant on SS7, and are likely to be for another 10 years.

What can you do?

The chance of not receiving a spam SMS is extremely unlikely, given the massive amount being sent each day and the established technology being exploited, but you can take steps to make sure they don’t become an annoyance, or worse, that you fall victim to them.

Blocking a number sending spam SMS on a phone.
Andy Boxall/Digital Trends

Report SMS spam to your network, then block the number. Report the spam by forwarding a message to the number 7726, which can be remembered because it spells SPAM on an alphanumeric keyboard. Helpfully, this number is applicable to people all over the world, but check with your carrier if you’re unsure. There are also subscription services, such as RoboKiller and TrueCaller, available if spam becomes a serious problem for you.

Outside of technology, making sure you’re aware of the threat and how these scams work is just as vital for protection. Verizon gives some good advice in an article about how it’s protecting its subscribers. It writes:

“Slow down. Criminals want you to act first and think later. Legitimate organizations will never ask for personal details via email or text message.”

The message is simple yet effective. A moment taken to think about what you’re seeing could make all the difference. The director of TSB’s fraud prevention team said something similar: “It’s important to remain on guard. Never input personal details into an SMS link, and certainly not your card details.”

Next to reporting and blocking spam SMS numbers, remaining on guard and mindful of how dangerous SMS spam can be is an equally important step in protecting yourself from getting scammed.

Editors' Recommendations

Topics
Andy Boxall
Andy Boxall
Senior Mobile Writer
Andy is a Senior Writer at Digital Trends, where he concentrates on mobile technology, a subject he has written about for…
One of our favorite Android phones just got its own iMessage app
Nothing Chats app on a. phone.

Nothing is trying to bridge the great blue/green bubble divide for Android users of iMessage. This is not a personal crusade to shatter walls and open windows, as much as Nothing CEO Carl Pei would want you to believe that. Instead, Nothing is piggybacking on tech created by New York-based startup Sunbird. 
Technically, the Sunbird app can be installed on any Android phone and it features a blue bubble for all iMessage text exchanges involving an Android phone. No more green bubble shame that could get you kicked out of groups for disrupting the harmony or even slim your dating chances. That’s how bad it is! 
Nothing is adopting the Sunbird tech and bundling it as its very own app under the name Nothing Chats. But here’s the fun part. The app only works on the Nothing Phone 2 and not the Nothing Phone 1. And this life-altering boon will only be bestowed upon users in the U.S., Canada, the U.K., or the EU bloc.

The app is currently in the beta phase, which means some iMessage features will be broken or absent. Once the app is downloaded on your Nothing Phone 2, you can create a new account or sign up with your Apple ID to get going with blue bubble texts. 
Just in case you’re concerned, all messages will be end-to-end encrypted, and the app doesn’t collect any personal information, such as the users’ geographic location or the texts exchanged. Right now, Sunbird and Nothing have not detailed the iMessage features and those that are broken. 
We made iMessage for Android...
The Washington Post tried an early version of the Nothing Chats app and notes that the blue bubble system works just fine. Texts between an Android device and an iPhone are neatly arranged in a thread, and multimedia exchange is also allowed at full quality. 
However, message editing is apparently not available, and a double-tap gesture for responding with a quick emoji doesn’t work either. We don’t know when these features will be added. Nothing's Sunbird-based app will expand to other territories soon. 
Sunbird, however, offers a handful of other tricks aside from serving the iMessage blue bubble on Android. It also brings all your other messaging apps, such as WhatsApp and Instagram, in one place. This isn’t an original formula, as Beeper offers the same convenience.

Read more
WhatsApp now lets you add short video messages to chats
WhatsApp logo on a phone.

You can now send short video messages in a WhatsApp chat, Meta announced on Thursday.

A video message can last for up to 60 seconds long and is protected with end-to-end encryption.

Read more
Have an iPhone, iPad, or Apple Watch? You need to update it right now
iPhone 14 Pro Max against a red background.

If you own an Apple product — be in the iPhone, iPad, Apple Watch, or a Mac — you should update it immediately. Why? Apple has begun rolling out updates to all of its devices with fixes for a serious security vulnerability.

The security vulnerability is known as CVE-2023-32434, and it has to do with the kernel privileges of Apple devices. Per Apple's website, the vulnerability allows third-party apps to "execute arbitrary code." In other words, if a bad actor knows how to exploit this vulnerability, they could potentially gain access to your Apple device and wreck havoc.

Read more