Phone users across the United States are receiving a rising volume of fraudulent text messages designed to steal money and personal data, and federal agencies are now spelling out exactly which ones to delete without opening. The FBI’s Internet Crime Complaint Center logged more than 2,000 complaints about just one category of scam text, toll-payment notices, since early March 2024. That single thread sits alongside at least four other text-based schemes that the FBI and FTC have flagged in separate advisories, each exploiting a different psychological trigger to get recipients to click, call, or reply.
Toll texts, fake banks, and wrong numbers: why the warnings are stacking up
The five text types draw on a shared playbook: pose as a trusted institution or a harmless stranger, create urgency, and harvest credentials or funds before the target realizes what happened. What separates the current wave from older phishing campaigns is the speed at which complaint volumes have grown and the variety of official-looking pretexts in play at the same time.
The toll-payment scam is the best-documented example. The IC3 bulletin on toll-service smishing describes texts claiming the recipient owes a small balance to a road-toll operator, with a link to a lookalike payment site. The messages mimic state toll agencies closely enough to prompt fast action, especially from drivers who use electronic toll passes and cannot easily remember every charge. With more than 2,000 complaints filed in roughly six weeks, the volume suggests the lure works at scale.
A second scheme targets bank customers. An FBI notice on instant-payment fraud outlines a two-step attack: victims first receive an automated text that appears to come from their bank’s fraud department, then get a phone call from a number spoofed to match the bank’s real support line. The caller walks them through steps supposedly meant to reverse an unauthorized payment. In practice, those steps send real money to an account the scammer controls.
The third type looks nothing like a corporate message. The El Paso field office warns about “wrong number” texts that open with a casual greeting meant for someone else. If the recipient replies, the sender steers the conversation toward friendship or romance and eventually toward cryptocurrency investment platforms. The FBI explicitly advises against responding, clicking any link, or even texting “STOP,” because any reply confirms the number is active.
Delivery-notification scams make up the fourth category. The FTC has described texts that impersonate the U.S. Postal Service, claiming a package cannot be delivered until the recipient updates an address or pays a small fee. The link routes to a site designed to collect personal and financial information, often under the guise of confirming a shipping charge or verifying identity.
The fifth thread ties the wrong-number approach to a larger criminal infrastructure. The FBI’s reporting on Operation Level-Up connects text-initiated grooming to organized cryptocurrency investment fraud rings. That operation involved the bureau proactively notifying potential victims before they lost money, an acknowledgment that traditional after-the-fact reporting has not kept pace with the problem or with the speed at which these scams can drain savings.
What the complaint data reveals and what it leaves out
The 2,000-plus toll-scam complaints recorded by the IC3 represent only one slice of the picture. The IC3’s broader reporting provides aggregate complaint and loss totals across all internet-enabled fraud categories, but those summaries group many different tactics together. No single FBI or FTC document breaks out exact complaint counts or dollar losses for each of the five text types side by side. The toll figure stands alone as the only category with a published complaint count tied to a specific time window.
That gap matters because the idea that government-obligation or delivery-themed texts generate faster click-through rates than generic bank or personal-number lures remains untested in any publicly available controlled study. The FBI advisories describe the mechanics of each scam and offer protective guidance, but they do not include comparative data on which message type produces the highest response rate or the largest average loss. Without that data, it is difficult to rank the five threats by actual risk to any individual recipient.
The advisories also contain no direct victim statements or call transcripts. Every narrative example is an agency-drafted summary, which means the public record lacks the granular detail that would allow researchers or journalists to trace specific dollar losses back to specific message formats. State-level and demographic breakdowns are similarly absent, leaving open the question of whether certain populations, such as older adults, non-English speakers, or residents of toll-heavy commuter corridors, face disproportionate exposure.
Those omissions do not mean the problem is small. They more likely reflect the limits of voluntary reporting and the difficulty of classifying complaints that arrive with incomplete or inconsistent descriptions. A single victim might receive a toll text, a fake bank alert, and a wrong-number message in the same week, then file one catch-all complaint. Others never report at all, either out of embarrassment or because they notice the fraud only after a bank or family member intervenes.
For policymakers, the lack of disaggregated statistics creates a challenge. Without clear rankings of which pretexts are most effective, it is harder to decide where to focus public-education campaigns or whether to push carriers and messaging platforms to filter particular phrases or URL patterns more aggressively. The result is a patchwork of alerts that explain how each scam works but stop short of quantifying their relative impact.
Practical steps and gaps the FBI has not yet closed
For anyone who receives a suspicious text, the FBI’s guidance is direct: do not click on links, do not call phone numbers listed in the message, and do not reply in any way. Instead, users are urged to navigate independently to the official website or app of the institution being impersonated, or to call a verified customer-service number printed on a card, bill, or agency website. Deleting the text after documenting it with a screenshot can preserve evidence without leaving a live lure on the device.
Reporting is the next step. The FBI encourages victims and targets to file complaints with the IC3, including the exact wording of the text, any phone numbers or URLs, and details about money lost or accounts compromised. The FTC also accepts reports of imposter scams and unwanted texts. Even when no money has changed hands, such reports help investigators spot new variants, link campaigns that reuse infrastructure, and justify public warnings like the toll-text alert.
Consumers can also make small technical changes that reduce their exposure. Built-in tools on most smartphones allow users to filter unknown senders into a separate inbox, block individual numbers, and report messages as junk. While scammers rotate numbers frequently, blocking still matters: each block removes one access point and provides carriers with data that can feed spam-detection systems.
Yet the federal guidance leaves several gaps unaddressed. The advisories emphasize individual vigilance but say less about systemic countermeasures such as carrier-level filtering standards, default blocking of known malicious links, or stronger verification for entities that send large volumes of legitimate texts. They also do not spell out how quickly agencies share indicators of new campaigns with phone companies or messaging platforms, or how often that sharing leads to concrete takedowns.
Another unresolved question is how to balance warnings about specific pretexts with broader digital-literacy efforts. Detailed alerts about tolls, banks, or postal deliveries can help people recognize familiar patterns, but scammers can pivot to new themes faster than official advisories can be drafted and distributed. Teaching users to distrust any unsolicited request for payment or credentials, regardless of the story attached, may ultimately prove more durable than chasing each narrative as it emerges.
For now, the safest approach is to treat every unexpected text demanding money, account access, or personal information as suspicious until proven otherwise. Whether the message claims to come from a toll authority, a bank, a shipping service, or a friendly stranger who dialed the wrong number, the core defense is the same: slow down, verify through a separate channel, and, when in doubt, delete without engaging. Federal agencies are sharpening their warnings, but the final decision to tap or ignore still rests with the person holding the phone.
More from Morning Overview
*This article was researched with the help of AI, with human editors creating the final content.
