Scam texts have gotten good — they borrow real logos, real urgency, and real-looking links. But almost every one trips the same few wires, and once you know them you can spot a phishing text in seconds without thinking hard.
What follows is aimed squarely at everyday phone users, and it assumes no prior know-how. Each step is numbered and pictured, so even a buried setting is easy to find. Keep your phone in hand and do each step as it comes.
The methods are ordered from quickest to most thorough. Do as many as your situation calls for; even the first one meaningfully improves things. Every linked tool is an official one you can trust.
In short: check who it’s really from, spot the manufactured urgency, don’t tap the link — verify independently, and report and delete it. Each step further down walks the exact taps, illustrated so you can’t get lost.
Way 1: Read the Tells
Every step below uses built-in settings, so there’s nothing to install. Follow them top to bottom; the illustrations point out each control you’ll need.
1Check who it's really from
Scam texts come from odd numbers, random email-to-text addresses, or shortened senders that don’t match the company they claim to be. A ‘bank’ texting from a personal-looking number is an instant clear tell.
Real companies use consistent, recognizable sender IDs — not a different random number each time.
Once you’ve seen a few, the mismatched sender becomes the fastest tell of all — a real company simply doesn’t text you from a different random number each time.
- Look at the sender: odd number or email address?
- Mismatch with the claimed company is a giveaway
2Spot the manufactured urgency
Phishing leans on panic: ‘account suspended’, ‘package held’, ‘unusual login — act now’. The urgency exists to rush you past your judgment. Real notices rarely demand instant action through a text link.
When a message pushes you to hurry, slow down — that pressure is the scam.
The pressure is the product. Any message engineered to make you act in the next sixty seconds deserves exactly the opposite: a slow, skeptical second look.
- Treat ‘act now or else’ urgency as a warning sign
- Genuine notices don’t usually demand instant action via text
Way 2: React the Right Way
Every step below uses built-in settings, so there’s nothing to install. Follow them top to bottom; the illustrations point out each control you’ll need.
3Don't tap the link — verify independently
The payload is always the link. Instead of tapping, open the company’s app or type their known web address yourself. If something real needs your attention, you’ll see it there.
Hovering or previewing often reveals a web address that has nothing to do with the real company.
Reaching the company through its own app or a web address you typed yourself sidesteps the entire trick, because you never touch the attacker’s link.
- Never tap the link; open the official app yourself
- A mismatched web address confirms the scam
4Report and delete it
Forward the scam to your messaging app’s spam-reporting option and to the standard spam-reporting shortcode, then delete it. Reporting helps carriers block the sender for everyone.
In practice, never reply, not even ‘STOP’ to an obvious scam — any reply confirms your number is live.
Reporting does more than clear your inbox — it feeds the filters that protect everyone, so it’s a small civic good as well as a personal one.
- Report as junk/spam, then delete the message
- Don’t reply at all, even ‘STOP’, to obvious scams
Read This First
- Replying to confirm you’re a real person — including ‘STOP’ — invites more scams.
- Never enter passwords or card details on a page you reached from a text link, even if it looks perfect.
Good Habits
- When in doubt, contact the company through its official app or a number you already have, never the one in the text.
- Enable your phone’s built-in spam filtering to catch many of these automatically.
FAQ
How did scammers get my number?
Numbers circulate through data breaches and brokers, and many scams simply dial ranges at random. Receiving them rarely means you were specifically targeted.
Are package and toll texts the most common scams?
They’re among the most common right now because they’re plausible — everyone’s expecting a delivery sometimes. The same tells apply: odd sender, urgency, a link.
What if I already tapped the link?
Don’t enter any information. Close it, and if you entered credentials, change that password immediately and watch the account. Running a security scan is a sensible precaution.
Official Tools
These first-party tools let you check and lock things down directly:
- Google Security Checkup — open it to check or manage this yourself.
- Google Play Store — open it to check or manage this yourself.
- Apple App Store — open it to check or manage this yourself.
- Have I Been Pwned — open it to check or manage this yourself.
There’s no prize for doing this all at once. Tackle one method now, bookmark the page, and finish the rest when you have a quiet moment. Each piece stands on its own.
Make Privacy a Habit
Fixing things once is great — but a light, regular habit is what keeps them fixed. Here’s a quick routine that does most of the work for you.
Pair this with two-factor authentication on your most important accounts — your email above all, since it can reset every other password. With those two habits in place, the doors casual snooping relies on stay shut.
The Point of All This
The reason these steps work is that they target how monitoring actually happens in practice, not the dramatic movie version. Ordinary people are followed through ordinary settings, and ordinary settings are exactly what you’ve just learned to control.
Easy Mistakes
- Reusing the same password across accounts, so fixing one login leaves the others just as exposed.
- Stopping after one step — the doors work together, so a single fix often leaves another open.
- Leaving automatic updates off, which keeps the security holes that monitoring tools rely on wide open.
- Acting in a visible hurry when a calmer, quieter approach would be both safer and more thorough.
If You're Still Worried
There’s no shame in asking for help if the steps here don’t fully settle your mind. Official support channels for your phone can walk through settings with you, and if safety is part of the picture, a support service that handles tech abuse is the right call.
The Short Version
To bring it together for everyday phone users, here’s the whole process at a glance:
- Check who it’s really from
- Spot the manufactured urgency
- Don’t tap the link — verify independently
- Report and delete it
Run through it once now, and the next time will take half as long.
Good to Know
- Convenience and privacy trade off in small ways, but the trades here are tiny — a few extra taps now and then — for a meaningful gain in control.
- A surprising amount of ‘tracking’ turns out to be a setting you switched on and forgot, not a hack — which is good news, because settings are easy to undo.
- Physical access is the common thread in nearly every monitoring story, which is why a screen lock only you know is one of the highest-value habits there is.
- Updates are unglamorous but powerful — most sneaky monitoring leans on security holes that updates quietly close, so keeping automatic updates on does a lot of the work for you.
These are the principles the individual steps grow from, so they’re worth keeping in mind even after the details fade.