RevealHim
Login
May 16, 2026·6 min read

How to Tell if a Text Message Is a Scam (Smishing Red Flags)

Smishing — SMS phishing — overtook email phishing in 2023 as the most successful consumer-fraud vector. Why? Because people barely look at texts. We tap. We click. We're on our phones, distracted, half-paying-attention. Here are the eight patterns that hit US, UK, EU and Australian phones every day in 2026, and the dead-giveaway red flags that tell you "this is fake" in under three seconds.

1. The fake delivery notice

"USPS: your package could not be delivered. Confirm address at bit.ly/xyz."

Spotting it: real USPS never sends links via SMS. UPS, FedEx, DHL and Amazon either. The link goes to a fake login that harvests your card details and address. Tell: shortened URL, urgency, vague package reference.

2. The IRS / HMRC / CRA "tax refund"

"Your tax refund of $924.51 is pending. Confirm bank details: irs-payments.gov.com"

Tax agencies never initiate contact via SMS, full stop. The domain trick (irs-payments.gov.com is NOT irs.gov) is the giveaway. If you're owed a refund, the agency mails a paper check or direct-deposits to the account on your last return.

3. The "Zelle / Venmo / PayPal" scam

"Did you authorize a payment of $478 to Sara M.? Reply Y to confirm or N to cancel."

Reply "N" and the scammer calls you back from a spoofed Zelle support number asking you to "reverse the charge" — which is actually you authorizing a new payment to them. Reply nothing, open the actual app, check.

4. The "wrong number" pig-butchering opener

"Hi Mike! Are we still on for dinner Saturday?"

You reply "Sorry, wrong number." The sender apologises, chats friendly, builds rapport over days or weeks, then pivots to crypto. This is "pig butchering" — long-con romance + crypto scam. Reply nothing, block, move on.

5. The utility shutoff

"Your electricity will be disconnected in 30 minutes. Pay $187 to avoid: powerpay-bill.net"

Real utilities don't text disconnection threats. They mail. They call from their main number. They give you weeks of notice. Anyone demanding immediate payment via SMS link is a scammer.

6. The "your Amazon order"

"Amazon: a $1,299 charge to your Prime account was unable to be reversed. Call 1-855-..."

Goes to a fake Amazon support number that asks for remote desktop access to "verify the cancellation." Once they're in, they drain your bank. Amazon will never call you about charges — check the actual app.

7. The bank "fraud alert"

"Wells Fargo: did you attempt a transfer of $1,890 at 14:22? Reply YES or NO."

Banks DO send fraud alerts via text, which is what makes this one tricky. The difference: real bank texts come from a 5-digit shortcode (like 93557 for Wells Fargo), never a 10-digit number. Real bank texts don't ask you to call a number — they tell you to use the app or call the number on your card.

8. The Apple/Microsoft "your account is compromised"

"Apple ID locked due to suspicious activity. Verify identity: apple-secure.com"

Apple and Microsoft never SMS account alerts to random numbers. If your account is genuinely locked, the official app/site will tell you when you next try to sign in. Domain trick (apple-secure.com is not apple.com) is the universal tell.

The five red flags that work for every scam

  1. Urgency — "30 minutes", "today only", "your account will be closed"
  2. Shortened URL — bit.ly, tinyurl, t.co — no legitimate company uses these in transactional SMS
  3. Domain mismatch — apple-secure.com, irs-payments.gov.com, ups-deliveries.net
  4. Request for action via link — real companies ask you to use their app or call the number on your card
  5. Asks you to call back a number you don't recognise — real fraud alerts give you no number, they let you call them yourself

What to do when you get one

1. Don't click anything. 2. Don't reply (replying confirms your number is live). 3. Forward the SMS to 7726 (which is SPAM on the keypad) — works on all major US/UK carriers and auto-files a complaint. 4. Block the number. 5. Move on.

💡 Want to know if a number that just texted you is on the spam radar? Check it here — community reports, carrier flags and known scam-pattern matches in under five seconds.

RELATED

Caller ID Spoofing Explained

RELATED

Identify Spam Callers