Is This Text Message a Scam? A Quick Guide

You get a text from what looks like USPS, your bank, or the IRS. It says there's a problem — a package that can't be delivered, a suspicious charge, an overdue toll payment — and you need to click a link to fix it. The message looks official, the urgency feels real, and the link is right there waiting for your tap.

This is smishing — SMS phishing — and it's growing faster than email phishing because people trust their text messages more than their email inbox. The FCC reported a 168% increase in scam text complaints between 2021 and 2025. Here's how to tell the real texts from the fakes.

Red Flag #1: You Didn't Initiate the Interaction

Legitimate companies typically text you in response to something you did: a purchase confirmation, a two-factor code you just requested, a delivery update for a package you're tracking. If a text arrives out of nowhere claiming there's a problem, be skeptical.

Banks, the IRS, and government agencies almost never initiate contact via text message. If the IRS needs to reach you, they send a letter through the US Postal Service. If your bank detects fraud, they call from their verified number.

Red Flag #2: There's a Link You're Supposed to Click

This is the core of every smishing attack. The scammer needs you to tap a link that leads to a fake login page, a malware download, or a form that harvests your personal information.

Examine the URL before tapping:

• Legitimate: usps.com, bankofamerica.com, irs.gov
• Scam: usps-delivery-update.com, boa-secure-alert.xyz, irs-refund-claim.net

The scam URLs often contain the brand name but on a completely different domain. If there's any doubt, don't click the link — instead, open your browser and go directly to the company's official website, or open their official app.

Quick check: Paste the URL from the text into the search bar at the top of this page to check it against phishing databases before clicking.

Red Flag #3: Artificial Urgency and Threats

"Respond within 24 hours or your account will be locked." "Your package will be returned to sender." "Pay your outstanding toll or face a penalty."

Scammers create artificial deadlines because urgency overrides caution. When you feel pressure to act immediately, that's the moment to slow down.

No legitimate company will permanently close your account because you didn't respond to a single text message within a day.

Red Flag #4: The Message Asks for Personal Information

Your bank already has your account number. USPS already has your tracking number. The IRS already has your Social Security number. Legitimate organizations don't ask you to "confirm" or "verify" information they already possess via text message.

If a text asks you to reply with any of the following, it's a scam:

• Social Security number
• Credit card or bank account numbers
• Passwords or PINs
• Date of birth

Red Flag #5: The Sender Is a Regular Phone Number

Most legitimate business texts come from short codes (5-6 digit numbers like 72733) or branded sender IDs. If you receive what claims to be an official message from a regular 10-digit phone number, especially one you don't recognize, treat it with extra suspicion.

That said, some scammers do use short codes, so this isn't a definitive test on its own — just one more signal to consider.

The Most Common Smishing Scams in 2026

Fake Package Delivery Notifications

"USPS: Your package cannot be delivered. Update your address: [link]." This is the single most common smishing scam, and it spikes during holiday shopping seasons. USPS does offer text tracking, but only if you signed up for it with a specific tracking number.

Bank Fraud Alerts

"[Bank name]: Suspicious transaction of $499.99 detected. If this wasn't you, click here." Real fraud alerts from banks ask you to reply YES or NO — they don't send you to a website to enter your credentials.

Toll and Parking Fines

"You have an unpaid toll of $4.35. Pay now to avoid a $50 late fee: [link]." These texts exploit the fact that the amount is small enough to seem plausible. The link leads to a credit card harvesting page.

Account Verification Texts

"Your [service] account needs to be verified. Click to confirm your identity." This targets streaming services, email providers, and social media accounts. The link leads to a cloned login page that captures your username and password.

IRS Refund / Tax Scams

"The IRS has calculated your refund at $3,247. Claim now: [link]." The IRS does not text you about refunds. They issue refunds through direct deposit or mailed checks based on your tax return.

What to Do with a Suspicious Text

1. Don't tap any links. If you want to check on a delivery or account, go directly to the company's official website or app.
2. Don't reply. Even replying "STOP" confirms your number is active. Exception: if it's clearly a legitimate short code service you previously opted into.
3. Copy and analyze. Copy the full message text and paste it into the search bar at the top of this page for an instant risk assessment.
4. Report it. Forward the text to 7726 (SPAM) — this reports it to your carrier. You can also report to the FTC at ReportFraud.ftc.gov.
5. Block the sender. On both iPhone and Android, you can block the number directly from the message thread.
6. Delete the message after reporting.

Already Clicked a Link?

If you already tapped a link and entered information, don't panic — but act fast. Check the sidebar for our guide on what to do if you gave info to a scammer — it covers step-by-step damage control including freezing your credit, changing passwords, and filing reports.