Your phone buzzes with a text from a number you don’t recognize. It says you owe an unpaid toll, or that your package couldn’t be delivered, or that your bank account has been locked. At the bottom, there’s a helpful-looking note: Reply STOP to unsubscribe. Every instinct says to text back. Don’t.
Three federal agencies, the Federal Trade Commission, the Cybersecurity and Infrastructure Security Agency, and the Federal Communications Commission, all warn that replying to a suspicious text, even with “STOP,” can backfire. A reply confirms to the sender that your number is active and that a real person is reading messages. That alone can turn your phone number into a hot commodity on underground markets, where verified numbers fetch higher prices and attract more aggressive follow-up scams.
The consequences aren’t hypothetical. In one of the FTC’s landmark spam-text cases, defendants behind a mass texting and mobile-cramming scheme were ordered to pay $10 million in 2014 after millions of consumers received deceptive texts that led to unauthorized charges on their phone bills. More recently, the FCC proposed a $300 million fine in 2023 against a massive auto-warranty robocall operation, signaling that enforcement has only intensified.
Why “STOP” doesn’t work on scammers
Legitimate businesses, like your bank, a retailer you’ve shopped with, or a delivery service, are required by telemarketing and consumer protection rules to honor opt-out requests. Texting “STOP” to a sender you recognize and trust is perfectly fine in those cases.
Scam texts are a different animal. Fraudsters deliberately mimic the opt-out language consumers expect from real companies. That “unsubscribe” link at the bottom of a suspicious message might load a phishing page designed to harvest login credentials, install malware on your device, or simply log your number as verified for resale. CISA specifically warns consumers not to click any link in a suspicious message, including those disguised as unsubscribe options.
The FTC’s consumer alerts spell it out plainly: scam texts are engineered to prompt interaction. The message itself is bait. Any response, whether it’s tapping a link, calling a number, or typing “STOP,” gives the sender exactly what they wanted.
What to do instead (it takes under a minute)
Federal agencies have aligned around a clear sequence of steps, and the whole process is faster than composing a reply.
Forward the message to 7726. That shortcode spells “SPAM” on most phone keypads. The FTC recommends this as the first line of defense because forwarding alerts your wireless carrier, which can investigate the number and block future messages from it across its network.
Use your phone’s built-in tools. iPhones offer a “Report Junk” option beneath messages from unknown senders. Most Android devices have similar blocking and reporting features in their messaging apps. These tools flag the number without requiring you to engage the sender directly.
Block the number and delete the message. Blocking prevents follow-ups from the same number, and deleting removes the temptation to tap a link later by accident.
File a formal complaint if the text looks like part of a larger campaign. The FCC accepts complaints about unwanted texts through its consumer portal, and these reports feed directly into enforcement actions against spoofing operations and illegal robotext campaigns. You can also report to the FTC at ReportFraud.ftc.gov.
The scam landscape in mid-2026
Spam texts aren’t slowing down. The scope of the problem is enormous, though precise annual totals vary by source and methodology, and no single authoritative count exists. What is clear from federal enforcement trends and carrier reports is that smishing (SMS phishing) has been growing faster than traditional email phishing in many categories.
One of the most widespread recent schemes involves fake unpaid toll notices. The FBI’s Internet Crime Complaint Center flagged a surge of these texts, which impersonate state toll agencies and pressure recipients to click a payment link. State attorneys general across the country have echoed the warning. The texts are convincing because they use official-sounding language and small dollar amounts that seem plausible enough to act on without thinking.
On the regulatory side, the FCC closed a significant loophole in January 2025 with a rule requiring one-to-one consent for robotexts and robocalls. Previously, lead generators could obtain a single consumer consent and share it across dozens of marketers. The new rule means a company can only contact you if you gave consent specifically to that company. It is the most significant structural change to robotext regulation in years, though its full impact on spam volumes won’t be clear for some time.
If you already replied
If you’ve already texted back or tapped a link in a suspicious message, the situation isn’t necessarily dire, but you should act quickly.
Check your phone bill. Mobile cramming, where unauthorized charges are added to your carrier bill, remains a common monetization tactic for spam operations. Look for small, unfamiliar charges that might be easy to overlook.
Review bank and credit card statements. Scammers sometimes run small test transactions before attempting larger ones. Enable transaction alerts if your bank offers them.
Secure your accounts. If the scam text impersonated a bank, delivery company, or government agency, contact that institution directly using a phone number or website you find independently, not one provided in the text. Change passwords for any accounts that may have been exposed, and enable two-factor authentication where available.
Visit IdentityTheft.gov. If you shared personal or financial information through a reply or a linked page, this FTC-run site provides step-by-step recovery plans tailored to the type of data exposed.
Register at DoNotCall.gov. This won’t stop illegal spam, but it adds a layer of protection against legitimate telemarketers and reduces overall volume.
Reduce your exposure going forward
Beyond the immediate response, a few settings adjustments can cut down on how many suspicious texts reach you in the first place.
Most smartphones allow you to filter messages from unknown senders into a separate folder. On iPhones, this is under Settings > Messages > Filter Unknown Senders. Android options vary by manufacturer but are typically found in the messaging app’s spam protection settings. Filtering won’t block every scam, but it keeps suspicious messages out of your main inbox where you’re more likely to engage with them reflexively.
Major carriers also offer their own spam-filtering tools, often at no extra cost. T-Mobile’s Scam Shield, AT&T’s ActiveArmor, and Verizon’s Call Filter all include text-screening features. Third-party apps like RoboKiller and Truecaller provide additional layers of detection, though they may require a subscription for full functionality.
No filter catches everything. The behavioral rule remains the most reliable protection: when a text feels off, silence is safer than engagement. Don’t reply, don’t tap, and route the message through official reporting channels instead. It’s a small habit that costs nothing and closes the door scammers are counting on you to open.
More from Morning Overview
*This article was researched with the help of AI, with human editors creating the final content.
