Voipy.
Smishing — SMS scam reference

The texts behind $470 million in fraud last year.

Seven patterns cover the vast majority of scam SMS in 2026. Each one below shows the actual message (from real FTC/AARP case reports), the typical sender profile, and how Voipy Shield handles it on behalf of your facility's residents — before any link ever gets tapped.

$470M
FTC total smishing losses, 2024
+27%
Year over year growth
#1
Text-based fraud category: unpaid tolls (2025–2026)

The seven you'll see.

Ordered by 2025 FTC Consumer Sentinel reported volume. Patterns shift every 4–8 weeks — Shield's Pattern Library pushes updates monthly so the classifier stays current.

#1 · SMS · 2025–2026 trending

Unpaid toll / E-ZPass

The #1 smishing category right now. Targets get hit whether they've driven a toll road that week or never. Amounts are tiny on purpose ($6.99, $11.69) so it feels too small to argue with. Link downloads a credit-card harvest page that mimics the state tolling authority.

Tell: real toll authorities send bills by mail, not text; links use .xin, .top, .vip TLDs, never .gov. Ask: click a link, enter card + address to "pay $6.99 before $50 late fee."

Example text

From +63 912 765 4821 (Philippines, spoofed)
Your vehicle has an unpaid toll bill. To avoid excessive late fees on your bill, please settle it promptly. Total: $6.99 · Pay: https://ezdrivemap.xin/vip · Reply Y, exit the SMS, open again to activate the link.
Shield: flagged as scam, blocked at the telco layer — never reaches the resident's phone.
#2 · SMS · Evergreen #1 for 5+ years

USPS / UPS / FedEx delivery

Package-held, bad-address, redelivery-fee, "package out for delivery but action required." Most people have SOMETHING inbound most of the time, so the guess lands. Link harvests credit-card data or drops malware on the tap.

Tell: real carriers notify via their official app or a door tag, never demand a redelivery fee by text. Ask: pay a $2.99–$9.99 "redelivery" or "customs" fee via card.

Example text

From +1 (832) 555-0142 (spoofed US number)
USPS: Your package (#U9J2K8) was refused by the carrier due to an incorrect address. Please update within 24h: https://usps-reschedule.top/us
Shield: the .top TLD + out-of-profile carrier copy pattern-match the monthly library; message blocked.
#3 · SMS · High $-per-victim

Bank fraud alert — card / Zelle / wire

"Unusual activity" on a card or Zelle account, with a fake "press Y / reply NO" prompt. Target replies → scammer calls pretending to be the bank's fraud team → talks them through Zelle'ing their money to a "safe account" (aka the scammer's). Each hit is $5K–$50K.

Tell: real banks use 5-digit short codes (32890, 692632) or their app. A regular 10-digit number claiming to be Chase/BofA/Wells is a scam. Ask: reply Y or NO → lead into a phone call → Zelle to "fraud protection" account.

Example text

From +1 (202) 555-8811 (DC area-code spoof)
Chase Alert: Did you authorize a $1,482.39 Zelle transfer to CRYPTO-SECURE LLC? Reply YES or NO. Msg&Data rates may apply.
Shield: bank-fraud-alert signature matches; blocked. If the resident's bank does use SMS alerts, Shield allow-lists that specific short code in setup.
#4 · SMS · Romance/crypto entry point

Wrong-number pretext ("Hi David?")

Opens as a casual chat — "Hey is this Sarah? I got your number from Linda" — and once you reply "wrong number," the scammer stays polite and chatty. Over weeks they build rapport, eventually pivot to a crypto or stock-tip "group." AARP 2026: 11M Americans 50+ targeted, $120K median loss per victim who bites.

Tell: unknown sender, overly friendly tone for a "wrong number," no urgency (the slow build IS the play). Ask: weeks later — join their crypto trading group / Telegram / "my uncle's trader."

Example text

From +1 (409) 555-2037 (US mobile, rotates)
Hi David! Are we still on for brunch at Mark's place on Sunday? Can't wait to see you and the family 🥰
Shield: pig-butchering opener pattern flagged; message held. Residents see a summary ("unknown sender, possible romance scam") instead of the bait.
#5 · SMS · #3 FTC fraud category 2024

Fake remote-job offer

"Easy part-time work from home, $400/day, Amazon Inc / Walmart / Indeed sourcing." Leads to a WhatsApp/Telegram group where you "earn" by completing fake tasks — then get asked to deposit your own money to "unlock higher-tier tasks." Recovery rate: zero.

Tell: real employers never recruit by cold SMS; group is on WhatsApp/Telegram, not the company platform. Ask: join group → complete tasks → "deposit to unlock next level."

Example text

From +44 7700 900123 (UK mobile, spoofed)
Hi! I am Jennifer from Amazon HR, we saw your resume on Indeed. $300-$500/day remote part-time. Are you interested? Reply YES to continue.
Shield: unsolicited-employment pattern blocked; Shield never exposes residents to WhatsApp/Telegram hand-off funnels.
#6 · SMS · Tax-season perennial

IRS refund / tax notice

Inverse of the phone-IRS scam: instead of threatening arrest, this one offers free money. "You have an unclaimed $847 refund, verify SSN + DOB to release." The IRS communicates by mail, never text.

Tell: IRS does not text, period. Ask: click link, enter SSN + DOB + bank routing "to deposit refund."

Example text

From +1 (318) 555-4401 (LA area-code spoof)
IRS Notice: You have an unclaimed tax refund of $847.00 on file. Verify your info to release payment within 48h: https://irs-refund-gov.top/claim
Shield: IRS-impersonation signature blocked. (Tip: try the phone version in the live demo.)
#7 · SMS · Phone-call pivot scam

Amazon account compromise

"Your Amazon account has been locked / a $2,300 order was placed." Link goes to a phishing page OR the text includes a support number — call it and you're on the phone with the same scam escalation chain covered in the live demo's Amazon scenario.

Tell: Amazon's real support channel is in the Amazon app, not an inbound text. Ask: call back number → full Amazon → "FBI" → "move your money" chain.

Example text

From +1 (888) 555-0178 (spoofed toll-free)
Amazon: A MacBook Pro ($2,398.00) was just ordered on your account to ship to CHICAGO, IL. Did not authorize? Call our fraud team: 1-888-555-0178
Shield: blocked. Try the matching phone scenario at voipy.app/demo → 📦 Amazon.

How to read the sender number.

Legitimate senders and scammers use different number formats. Teach your residents the rule once and most scams become visually obvious before they read the body.

Sender format Legit? Used by
32890 — 5-digit short code✓ usually realBanks (Chase/BofA/Wells), carriers, 2FA providers, authorized marketing.
69-2632 — 6-digit short code✓ usually realSame as above. Short codes are registered with carriers ($1K+/mo) — too expensive for scammers to run.
+1 (202) 555-XXXX — US 10-digit number✗ if claiming to be a bankReal banks never send fraud alerts from a regular 10-digit phone number. Always a scam if the body claims to be Chase/BofA/Wells/Citi.
+1 (8XX) XXX-XXXX — spoofed toll-freeScammers spoof legit-looking toll-free numbers. Number alone isn't a tell — combined with an "urgent action" ask, it's a scam.
+44 7XXX XXXXXX (UK), +63 (PH), +91 (IN), +234 (NG)✗ if contacting a US residentInternational mobile prefixes sending English-language "delivery / toll / bank" texts to US numbers are scams ~100% of the time.
email@gmail.com formatted senderEmail-to-SMS gateway. Legitimate orgs use short codes. Any text from an email address claiming to be a bank/carrier/gov agency is a scam.
Everyone can report smishing in 10 seconds: forward the message to 7726 (spells SPAM) — it goes to your carrier's abuse team, free. Or file with the FTC at reportfraud.ftc.gov. Shield customers: we report automatically on your residents' behalf, with the pattern added to the next monthly Pattern Library release.
Voipy Shield

Shield blocks these SMS patterns before they ring.

Same monthly Pattern Library that backs the voice-call demo. Texts matching a signature are quarantined at the telco layer; residents see a daily summary, not the bait. Per-resident allow-list for the banks / carriers they actually use.

Start 14-day trial ▶ Try the live demo

Pattern Library updates ship monthly to every Shield account — free tier included.