Is This Text Message a Scam? How to Tell in 60 Seconds

Scam texts — sometimes called smishing (SMS + phishing) — are everywhere now. A link about a "missed delivery," a "bank alert," or a stranger who opens with "Hey, is this still your number?" They're built to look ordinary so you tap without thinking.

This is a 60-second triage: how to recognize the common scam-text playbooks, the five red flags that apply to almost all of them, and the exact steps to take instead of tapping.

Quick version: Don't tap links in texts you didn't expect. Verify by opening the company's official app or calling the number on your card. Never share a one-time code, and don't reply — not even "STOP."

The scam-text playbooks you'll actually see

Most scam texts fall into one of four buckets. Recognizing the pattern is faster than analyzing every word.

• Package delivery: "USPS could not deliver your package. Update your address: [link]." Real carriers don't text random links demanding a fee or your card.
• Bank or card alert: "Suspicious charge — verify now." Banks don't ask you to confirm details through a texted link.
• Toll or fine: "You have an unpaid toll. Pay now to avoid a penalty." One of the fastest-growing scams in the US.
• "Wrong number" that turns friendly: A stranger texts by "mistake," chats you up over days, then pitches a crypto or investment "opportunity." This is a slow-build con.

Real text vs. scam text at a glance

| Signal | Legit message | Likely scam | | --- | --- | --- | | Link | Goes to the company's real domain, or none at all | Shortened or look-alike domain | | Tone | Informational | Urgent, threatening, deadline | | Asks for | Nothing sensitive | Card, password, code, or payment | | How it matches you | Lines up with an account you have | Out of the blue, or a service you don't use | | Sender | A known short code or saved contact | Random 10-digit number or email-to-text |

No single row is proof on its own. It's the combination — an unexpected link plus urgency plus a request — that marks a scam.

The 5 red flags

Run any suspicious text through these. One clear hit is enough to stop.

1. An unexpected link — especially shortened or on a strange domain.
2. Urgency or a threat — "act now," "final notice," "account will be closed."
3. A request for payment or personal info — card numbers, passwords, or codes.
4. It doesn't match how that company contacts you. Your bank doesn't text random links.
5. A code you didn't request. A surprise one-time login code can mean someone is trying to break into your account. Never share it.

What to do instead

• Don't tap the link. For a delivery, open the carrier's official app or website and check your tracking there.
• Don't reply — even "STOP" tells a scammer the number is live.
• Verify directly. Call your bank using the number on the back of your card, not one from the text.
• Report and delete. In the US, forward scam texts to 7726 (SPAM), then delete the message.

Why "I can just tell" isn't a plan

Most people assume they'd recognize a scam. The problem is that smishing is designed for the half-second you glance at a notification while doing something else — waiting on a real package, expecting a real bank alert. The scam doesn't need to fool careful-you; it only needs to catch distracted-you.

That's why a fixed rule beats gut feeling: never act on a texted link, always verify on the official app or number. The rule works even when your attention doesn't.

The "wrong number" long con, explained

The friendly "wrong number" text deserves its own warning because it doesn't look like a scam at all. There's no link, no urgency, no obvious ask — just a stranger who texts something like "Hey Jessica, are we still on for lunch?" When you reply that they have the wrong number, they're warm and apologetic, and the conversation keeps going.

Over days or weeks it turns into a friendship or a flirtation. Only later does an "investment opportunity," usually crypto, appear — coached, patient, and convincing. This is the pattern often called pig butchering, and it works precisely because it skips every red flag in the checklist above.

The defense is simple: a genuine wrong number ends when you say "wrong number." Anyone who keeps the conversation going after that is working an angle. Don't engage.

If you already tapped the link or replied

• If you only tapped and entered nothing, close the page; you're most likely fine. Don't go back to it.
• If you entered card details, call your bank using the number on the back of your card and ask them to watch for fraud or reissue the card.
• If you entered a password, change it everywhere you used it and turn on two-factor authentication.
• If you replied, stop the conversation, block the number, and forward the thread to 7726 before deleting.

For the full step-by-step, see what to do if you clicked a phishing link.

When you can't tell, don't guess

Some scam texts are genuinely hard to call — a convincing bank alert, a toll notice that lines up with a trip you actually took. Instead of guessing, you can hand it off. Screenshot the message and forward it to FraudRoom at check@fraudroom.com, and you'll get back a clear risk level and the safest next step — in plain English, usually within minutes.

FAQ

Is it safe to open a scam text (just open, not tap)?

Opening a text to read it is generally safe. The danger is tapping links, replying, or entering information. If you've only read it, you're fine — just don't tap anything.

What happens if I reply "STOP" to a scam text?

Replying anything, including "STOP," confirms your number is active and can lead to more scam texts. With unknown senders, block and delete instead.

Are USPS and toll "unpaid fee" texts always scams?

Treat them as scams by default. Legitimate carriers and toll agencies don't collect payments through random texted links. Check your account on the official website or app instead.

I tapped a link in a scam text — what should I do?

If you didn't enter anything, you're likely fine; close the page. If you typed a password, change it and enable two-factor authentication. If you entered card details, call your bank right away. Full steps are in the recovery section above.

Why am I suddenly getting so many scam texts?

Phone numbers get sold and traded after a data breach, and replying to (or tapping links in) one scam text marks your number as "active," which leads to more. Blocking and deleting without responding helps slow the flow.

Can opening a scam text infect my phone?

Simply reading a text won't install anything. The risk comes from tapping links, downloading attachments, or entering information on the page a link opens. Read, then delete — don't interact.

Key takeaways

• Match the text to one of the four common playbooks instead of reading every word.
• One red flag — unexpected link, urgency, info request, mismatch, or surprise code — is enough to stop.
• Verify on the official app or your card's phone number, never the text's link.
• When a text is too close to call, get it checked rather than guessing.

Related reading

• How to spot a PayPal phishing email (7 red flags)
• How to protect elderly parents from online scams