Americans lost $470 million to scams that began with a single text message in 2024, according to data the Federal Trade Commission released in April 2025. The agency identified six categories driving the sharpest increases: fake package-delivery notices, bogus bank fraud alerts, unpaid toll demands, wrong-number lures, IRS impersonation texts, and job-recruitment pitches. Each type exploits a routine notification that millions of people already expect on their phones, and the financial damage is climbing because the messages now look nearly identical to legitimate alerts from USPS, major banks, and state toll agencies.
Why $470 million in text-scam losses changes the threat calculus
The FTC’s April 2025 release did not simply confirm that smishing remains a problem. It quantified a loss total that dwarfs prior years and broke the data into specific scam types, giving consumers and law enforcement a clearer target list. In its summary of top text-message scams for 2024, the agency highlights fake package-delivery alerts, bank fraud texts, unpaid toll demands, and wrong-number schemes as leading drivers of reported losses. Two additional categories, IRS impersonation and job-recruitment schemes, round out the six types that spiked.
The timing is not random. Package-delivery scams surge alongside e-commerce shipping volume, and toll-related smishing tracks the spread of electronic tolling across U.S. highways. The FBI’s Atlanta field office documented a dramatic jump in IC3 complaints about Peach Pass smishing starting March 1, compared to a baseline period running from January 1, 2024, through February 28, 2025. That pattern suggests scammers calibrate their campaigns to moments when real toll notices and shipping confirmations flood inboxes, making fraudulent messages harder to distinguish from authentic ones.
A testable hypothesis emerges from these patterns: monthly FTC complaint tallies for toll and package-delivery smishing should correlate more tightly with USPS shipping volumes and state toll-road transaction counts than with the rollout of general fraud awareness campaigns. No public dataset currently links those variables month by month, but the relationship would explain why awareness efforts alone have not bent the loss curve downward. If scam volume rises and falls with legitimate transaction cycles, then countermeasures may need to be just as dynamic, with short, targeted warnings pushed during peak shipping and travel seasons.
How each of the six scam types works and what the data shows
Package-delivery texts impersonate USPS, FedEx, and DHL. The FTC’s consumer guidance describes messages that direct recipients to look-alike websites and prompt them to pay a small “unpaid postage” fee or enter personal and financial information. The fee is a pretext; the real goal is harvesting credit card numbers and identity data. In a recent alert about USPS-impersonation texts, the agency spells out the mechanics: a short URL, a fake tracking page branded with postal logos, and a form requesting details no carrier would ask for via text, such as full Social Security numbers or complete card credentials.
Bank fraud alert scams flip the victim’s instinct to protect their account. A text warns of suspicious activity and provides a phone number or link. Anyone who responds hands over login credentials or one-time passcodes to the attacker, often while believing they are talking to a bank representative. Because real banks do send legitimate alerts, the visual similarity between genuine and fake messages makes this category particularly difficult for consumers to navigate, especially when they are already anxious about account security.
Wrong-number texts take a slower approach, opening with a friendly “Hey, is this Sarah?” or similar greeting. When the recipient replies to correct the “mistake,” the scammer builds rapport over days or weeks before steering the conversation toward cryptocurrency investments, trading platforms, or gift-card purchases. The goal is not a one-click theft but a longer con that can drain savings under the guise of mentorship or romantic interest. The FTC’s 2024 data show that while fewer people report wrong-number scams than package or bank texts, the median loss per incident can be higher because victims are persuaded to send larger sums over time.
Toll-road smishing, the category behind the Peach Pass spike the FBI flagged, demands immediate payment for an alleged unpaid toll. The messages typically threaten late fees, collections, or even license suspension, creating urgency that short-circuits skepticism. Because many states now use electronic tolling with minimal paper billing, recipients have no easy way to cross-check the claim in the moment, especially if they recently drove through unfamiliar toll plazas. Scammers exploit that ambiguity by including plausible license-plate fragments or generic references to “recent travel” to make the demand feel targeted.
IRS impersonation texts exploit tax-season anxiety. The IRS itself states that it sends texts only in limited contexts and generally only when the taxpayer has opted in. Any unsolicited text claiming to be from the IRS, whether it promises a refund, threatens an audit, or mentions a stimulus credit, is a red flag by the agency’s own standard. These scams often pair a sense of urgency with the authority of government branding, pushing recipients to click links or call numbers where impostors demand immediate payment or sensitive personal data.
Job-recruitment scams round out the six categories. Researchers collected a corpus of tens of thousands of job-recruitment scam messages and found repeated templates, reused domains, and shared infrastructure across campaigns, according to a preprint study on message-based job scams. The messages typically promise remote work with high pay and minimal qualifications, then funnel victims toward fake onboarding portals that collect Social Security numbers, bank details for “direct deposit,” or require upfront “training” payments. Some schemes never deliver a job at all; others use the stolen identities to open fraudulent accounts or apply for benefits in the victim’s name.
Gaps in the data and what to watch next
The FTC’s $470 million figure captures only reported losses, which means the true toll of text-based scams is almost certainly higher. Many victims never file a complaint because they feel embarrassed, do not know where to report, or conclude that their loss is too small to matter. Yet small-dollar payments add up quickly when millions of texts are sent. Understanding how much harm goes unreported is one of the biggest open questions for policymakers trying to size the problem.
Another gap involves the granularity of publicly available statistics. While the FTC publishes broad scam categories and annual totals, researchers and journalists often need more detailed breakdowns to spot emerging patterns or evaluate interventions. The agency’s interactive data dashboards provide state-level and category-level views, but they do not yet link text-based scams to specific triggers such as holiday shopping peaks, tax deadlines, or major tolling-policy changes. Without that temporal and contextual layering, it is harder to test whether targeted awareness campaigns or carrier-level blocking efforts are having measurable impact.
There are also unanswered questions about how effectively telecom providers are filtering scam texts before they reach consumers. Carriers have deployed analytics and blocking tools, but those systems are largely opaque to the public. As scammers adopt techniques like rotating sender IDs, using compromised business accounts, or embedding QR codes instead of links, traditional filters may struggle to keep pace. Independent audits or standardized reporting on blocked versus delivered scam traffic could clarify whether the balance of power is shifting.
Regulators, meanwhile, are watching how quickly scammers adapt when specific tactics are exposed. When law enforcement cracks down on one domain or messaging pattern, campaigns often reappear with minor variations. That cat-and-mouse dynamic underscores why static guidance-such as a one-time warning about a particular message template-has limited shelf life. Instead, experts argue for broader behavioral rules of thumb: do not click links in unsolicited texts, navigate to official sites by typing addresses directly, and verify urgent financial or government claims through known, independent channels.
Looking ahead, the most informative developments will likely involve better data sharing and more precise timing. If agencies can align complaint records with shipping, tax, and tolling calendars, they may be able to anticipate scam waves rather than merely document them after the fact. Paired with real-time alerts from platforms and carriers, that kind of forecasting could reduce the pool of potential victims during the riskiest windows.
For now, the $470 million figure serves as a blunt but useful signal: text-message scams are no longer a peripheral nuisance. They are a central, rapidly evolving channel for fraud. Until reporting systems, technical defenses, and public habits catch up to that reality, the gap between what scammers can do with a single text and what most recipients are prepared to question will remain a lucrative space for criminal innovation.
More from Morning Overview
*This article was researched with the help of AI, with human editors creating the final content.
