Anyone who has ever replied “STOP” to a suspicious text hoping to end the harassment may have done the opposite. Federal regulators and cybersecurity agencies on both sides of the Atlantic now warn that any reply to an unsolicited message, including a one-word opt-out, can signal to scammers that a real person is reading their messages. That confirmation can move the number onto lists targeted by more aggressive fraud operations, turning a minor annoyance into a serious security risk.
What is verified so far
The Federal Trade Commission’s guidance to businesses and consumers is direct. In an April 2025 data spotlight on text scams, the agency stated that people should avoid responding to unexpected texts. That language does not carve out exceptions for “STOP,” “unsubscribe,” or any other reply. The FTC treats all engagement with an unknown sender as a risk, because each response proves the number is active and monitored.
The same FTC spotlight catalogs the most common bait: fake fraud alerts that impersonate banks, bogus toll-payment notices demanding immediate action, and task or job scams that lure recipients with promises of easy money. Each of these formats is designed to provoke a quick reply or a tap on an embedded link. Once a target engages, scammers escalate pressure to extract personal data, payment credentials, or direct wire transfers.
Separate consumer guidance from the FTC reinforces the same principle: verify any claim through a trusted channel you find independently, not through contact details supplied in the text itself. In its instructions on how to handle suspicious messages, the agency urges people to ignore the text, use built-in spam tools, and consult known contact information for banks, government offices, or companies rather than anything listed in the message. The same guidance explains that smartphone users can forward spam texts to 7726 and file a detailed report at reportfraud.ftc.gov, steps that help build cases against large-scale operations. These recommendations appear in the FTC’s broader advice on avoiding text-based scams, which is aimed at ordinary consumers.
The United Kingdom’s National Cyber Security Centre echoes this position. The NCSC advises against replying to suspicious texts and instead directs recipients to report them through official channels. That includes forwarding certain messages to a dedicated reporting number and, where appropriate, contacting mobile providers to have malicious senders blocked. State attorneys general across the United States have issued similar public warnings, particularly around a wave of toll-related smishing scams that prompted alerts from multiple jurisdictions, as documented by the Associated Press.
Alongside these high-level warnings, the FTC offers practical steps for day-to-day protection. In its guidance on recognizing spam texts, the agency recommends turning on carrier and device-level filters, deleting suspicious messages without opening links, and treating any unexpected request for payment or account access as a red flag. The same document on recognizing and reporting spam texts emphasizes that legitimate organizations will not pressure you to act immediately or demand sensitive information over text.
What remains uncertain
No public dataset from the FTC, NCSC, or Federal Communications Commission currently breaks out complaint volumes by whether the recipient replied before reporting. That gap means the exact scale of the problem is hard to pin down. The behavioral logic is well established: a reply confirms a live number, and confirmed numbers are more valuable on underground markets. But the specific rate at which a “STOP” reply leads to increased follow-on messages or list resale has not been quantified in any published government study.
The phrase “worse list” captures a widely reported pattern in which numbers that show engagement get sorted into premium tiers sold to more sophisticated fraud rings. Security professionals and consumer advocates describe this sorting mechanism in general terms, yet granular data on list-routing mechanics remains scarce. No primary FTC or NCSC report has published a controlled comparison between numbers that replied and numbers that stayed silent, tracking message volume over a fixed window afterward.
Real-time examples of individual numbers migrating to higher-risk lists after a single reply exist mainly in aggregated consumer alerts and anecdotal reports. Some people say that spam increased sharply after they texted “STOP” to a suspicious sender, or that new scam themes began appearing within days. These accounts are consistent with the behavioral guidance, but they fall short of the kind of structured evidence that would let researchers assign a precise risk multiplier to any given reply.
It is also unclear how often scammers spoof the appearance of legitimate opt-out language used by lawful marketers. In regulated mass texting, genuine businesses are required to honor opt-out requests, and replying “STOP” to a known, verified short code is a standard way to end messages. Scam operations copy this pattern to look trustworthy, but they have no incentive to remove numbers that respond. Public guidance does not yet quantify how many fraudulent campaigns use this tactic or how frequently victims confuse criminal texts with legitimate marketing.
How to read the evidence
The strongest evidence available is behavioral guidance from government agencies with direct enforcement authority over consumer fraud. The FTC’s business-facing data spotlight and its consumer-facing spam text guidance both carry institutional weight because the agency investigates and prosecutes text fraud schemes. When the FTC tells people not to respond, that advice reflects patterns the agency has observed across thousands of complaints and enforcement actions, even if the underlying datasets are not broken out in public dashboards.
The NCSC guidance adds cross-border corroboration. Scam text operations are rarely confined to one country, and the fact that both U.S. and U.K. cybersecurity authorities independently arrived at the same recommendation strengthens the case that replying is a measurable risk, not just a theoretical one. When regulators in different systems converge on nearly identical advice-ignore, delete, and report rather than reply-that consensus is meaningful evidence in its own right.
State-level warnings about toll-related smishing scams provide a useful real-world example. These campaigns send messages claiming the recipient owes a small highway toll and must pay immediately to avoid penalties. Any reply, even “STOP,” tells the sender the number is worth targeting again. The consistency of warnings from federal agencies, state attorneys general, and international cybersecurity bodies creates a strong narrative: engaging with unsolicited texts increases exposure, while non-engagement plus reporting helps shrink the opportunity for fraud.
Readers should weigh sentiment-level sources, such as social media complaints and informal consumer forums, differently from primary government guidance. A frustrated post about receiving more spam after replying “STOP” is consistent with the official advice, but it does not prove causation on its own. The government guidance is the load-bearing evidence; individual reports add texture but not proof.
In practice, the safest approach is to treat any unexpected text that asks you to click, pay, or share information as hostile until proven otherwise. If the message claims to be from a bank, shipper, tolling agency, or government office, close the text and initiate contact through a phone number, website, or app you already know is legitimate. Use your phone’s spam-reporting tools, forward suspicious messages to 7726 where available, and submit detailed complaints to official fraud portals. By refusing to reply directly and instead channeling information to regulators, you reduce your own risk and contribute to a broader picture of how these scams operate.
More from Morning Overview
*This article was researched with the help of AI, with human editors creating the final content.
