SMS Marketing Best Practices

How to Recognize a Text Message Hoax or Phishing Scam

text message hoax

We’ve all received suspicious text messages—and not from a wrong phone number or a former friend. The suspicious messages we’re talking about are text message hoaxes or phishing scams. These messages always come from an unknown sender, and they rarely specify the organization. These scammers may often pose as a popular retailer or business to inspire trust and get the recipient to click a link and provide personal information. Who are these scammers? How did they get your number? And, are legitimate brands allowed to message you without your consent? Let’s discuss in this blog post.


Can Brands Text Consumers Without Their Consent?

In SMS marketing, a brand texts consumers—only those who have opted in to receive messages from the brand—about sales, coupons, or deals. Note the important part: true SMS marketing only operates with consumers who have intentionally signed up to receive offers from a brand. One of the great things about true SMS marketing is that it is permission-based. In other words, an organization is not legally allowed to send a text message unless a consumer gives them permission to do so.

There’s actually a law that protects consumers from receiving SMS messages they haven’t consented to receive. It’s a federal law called the Telephone Consumer Protection Act (TCPA), which is governed by the Federal Communications Commission (FCC). This law gives consumers the ability to take legal action against companies that send them SMS messages without their consent.

There’s a difference between a legitimate company sending unsolicited SMS messages to people who haven’t given consent and text message phishing scams. Although they’re both unsolicited, one business is trying to send you an SMS message hoping you will purchase from them. The other is trying to steal your personal information. And that’s what this blog post will cover—spam SMS messages. We’ll look at examples of these spam messages, how to avoid them, what the penalties are for violating the Telephone Consumer Protection Act, and how brands running SMS marketing campaigns can stay compliant.


Examples of Text Message Hoaxes and Phishing Scams

Text message hoaxes and phishing scams usually have one goal: to get the recipient to provide the sender with personal information. Scammers are on the prowl for social security numbers, passwords, and account numbers. This type of information helps them access a person’s email, bank accounts, and credit card login information and allows them to reset passwords and take over those accounts. Many scammers want to access personal information so they can sell it to someone else.

Text message phishing scams are always changing and evolving. The following examples illustrate a commonly used tactic—messages promising something for free or some kind of fake service (a scam to obtain private information):

  • You’ve won a free prize! Click here to claim it!
  • You’ve received a free gift card! Click here to use it!
  • You’ve won a free vacation! Time is running out to claim it!
  • You qualify for a lower interest rate on your credit card.
  • Time to pay off those student loans faster. Get started now!

Some text message hoaxes and phishing scams also try to alert consumers that something is wrong or needs urgent attention. Examples of these text message scams include:

  • We’ve noticed some suspicious activity on your account—click here to resolve it immediately.
  • There seems to be a problem with your payment—click below to re-enter your information.
  • Did you authorize this invoice? Click here to resolve this immediately.
  • Important information regarding your package.

Most phishing scams promote urgency, though not the kind of urgency about taking advantage of a weekend sale. The scammers’ prizes are reserved for the first person who clicks the link. The issues with accounts always seem to require urgent attention and a lot of personal information. In reality, if your debit card or credit card has ever been lost or stolen, you know you can call your bank, and they’ll help you on the spot. They don’t send suspicious text messages.

One gray area that we are asked about is whether a brand or influencer can send a text message and make it from another number. For example, as celebrities, politicians, and public figures get into text message marketing, they want to send messages to subscribers—but they don’t actually want to use their personal numbers to do so. In this case, as long as consumers have knowingly opted in to receive text messages from this person or brand, it’s ok to use another number to text message subscribers. For example, many brands, political candidates, and even celebrities use short codes like 12345 instead of an actual phone number. Not only are these numbers easier for consumers to text (and recall) when opting in, but these short codes provide some privacy and separation from a public figure’s actual personal number. Read more about SMS short codes.


How to Avoid Text Message Hoaxes and Phishing Scams

Text message scammers are clever, but they’re not geniuses. They’re typically predictable and scare off easily. Mobile users must be prepared. Here are some important pointers to help consumers safeguard against phishing scams:

    • Government agencies don’t text or call when there’s an issue. They always mail a letter. If there’s a problem with any government-issued document, you’ll receive a letter.
    • Banks, credit card companies, and any other legitimate organizations will not ask you to provide sensitive personal or financial information such as your username, password, credit card number, debit card number, or PIN in an SMS message.
    • Don’t stress out and don’t rush. If an SMS message claims there’s an issue with any of your accounts—a tactic often used to get your banking information—go directly to your bank’s website or app and log in to check your recent activity. Or call the bank’s customer care phone number. Don’t click any link in the SMS message.
    • Never click unknown links, especially those that look suspicious and resemble something a toddler might have typed. These links sometimes unleash viruses that can cause serious harm to your phone and steal all your information.
    • Don’t call any phone number provided in a phishing message. These scam text messages will often pose as a bank or a government agency and use a local number to gain your trust. Large organizations and government agencies list their contact information on their website, so if the number in the message doesn’t match what’s on the website, it’s a scam.
    • Don’t engage with text message phishing scams; simply delete them. Don’t even respond with the common SMS keyword STOP. Doing so lets the scammer know you opened the message and that your phone number is active. Any response will move you to the top of their list for future scam messages.
    • Be careful when providing your cell phone number online. Scammers will often create bright, flashy advertisements centered around winning a free gift, just so they can get your phone number. There’s no prize. They just want to send you spam text messages.
    • Never provide your personal or financial information in response to text messages from unknown senders. Verify the sender’s identity and think about why the sender might be asking for your information.
    • Your cell phone is a mini-computer. You probably have a lot of financial and personal information saved on your device. Follow the same guidelines you use on your computer to safeguard against viruses and hoax messages.


Penalties for Sending Text Message Phishing Scams

As we mentioned in the introduction, consumers have rights, and their SMS privacy is protected. Every mobile phone owner is protected by the Telephone Consumer Protection Act (TCPA), the federal law that regulates what can and can’t be sent to consumers via phone calls or text message marketing. To help minimize questionable sales tactics and discourage scammers from heavily targeting mobile phone owners, there must be some pretty serious consequences and financial burdens placed upon those who break this law.

When any organization violates the TCPA, the organization can be reported and fined. Violations include ignoring the Do Not Call Registry or text messaging consumers without clear and conspicuous consent. The business can be liable for a list of penalties. Private citizens who complain that a business is sending unsolicited SMS marketing messages can sue for damages based on the unwanted contact. The law dictates a fine of $500 per unwanted call or text, per person. And if the business is proven to have knowingly violated the TCPA, those fines triple to $1,500 per unwanted call or text, per person.

The business sending the messages isn’t the only one facing a lawsuit. It’s typically not sending messages from a physical cell phone. Instead, the business is likely using SMS marketing software to send these communications. Any entity involved in the offending text message marketing campaign is a valid target for these lawsuits and fines, including the brand behind the text message marketing, the text message marketing software provider sending the messages, the marketing agency handling the campaign, and anyone else involved. Each of these parties can face those fines.

While the fines of $500 to $1,500 per text per person may not seem detrimental to a business, these fines can quickly add up to millions of dollars in legal costs, which can be devastating. These fines were initially developed with individual plaintiffs in mind, but with a rise in class-action lawsuits, multiple plaintiffs can sue simultaneously. For example, if a company purchases a list of thousands of consumer phone numbers and sends unsolicited messages to those phone numbers, a class-action lawsuit may end up destroying the business. This makes TCPA compliance crucial.


How to Be TCPA Complaint

TCPA compliance is the foundation for any successful SMS marketing campaign. If your organization is embarking on an SMS marketing journey, compliance must be at the forefront of your planning. Not only will an airtight compliance plan mitigate risk for lawsuits and unwanted allegations, but it will also help you communicate with your customers using industry best practices. Compliance ensures that your customers come first and that you’re treating them with the utmost respect. Doing so will help build loyal, lifelong relationships with your clients.

The first step toward achieving perfect SMS marketing compliance is to work with a good SMS marketing software provider. Additionally, make sure your marketing team and everyone involved with your SMS messaging are well informed about proper TCPA compliance. Being knowledgeable about TCPA compliance can mean the difference between making money off text message marketing and going out of business due to legal fees. This is especially true when interpretation of the law varies across different courts and locations throughout the country. Keep your regulatory compliance as precise as possible.

Hoax text messages and scammers can sometimes give SMS marketing a bad reputation. But if you follow the rules and abide by TCPA regulations, you’ll remove any possibility of a violation. If you’re interested in learning more about text message marketing and the TCPA, check out our free TCPA Survival Guide.


Let’s Chat About Compliance

We know that words like compliance, class-action lawsuits, and violations can be intimidating, but don’t worry. As the industry’s leading SMS marketing software provider, we work closely with all our clients to ensure that they know the ins and outs of SMS marketing laws and TCPA compliance. If your organization is considering SMS marketing, we’d love to chat with you about your goals and business strategy. Schedule a time to chat with an SMS marketing professional.

Jump to Content