Have you been getting weird text messages lately — from yourself?
Don’t worry, you’re not alone, and you’re probably not having an out-of-body experience. The latest trend in spam text messages involves mobile phone users receiving texts from what appears to be their own phone number.
The messages typically claim to be from the user’s wireless carrier, referencing the recipient’s wireless bill and including a link to a “free gift.” Spoiler alert: The link leads to potentially malicious websites instead, according to users on Reddit and Twitter.
It’s all potentially very confusing. Here’s what you need to know about these spam texts, and what you can do about them:
Why am I getting these texts?
“As part of a recent fraud scheme, bad actors have been sending text messages to some Verizon customers which appear to come from the customers’ own number,” Verizon spokesperson Rich Young said. “Since uncovering the scheme, our company has made a significant effort to limit the current activity.”
Young noted a recent uptick in spam text messages across all wireless carriers, and said Verizon is “actively working with others in our industry and with US law enforcement as part of an investigation aimed at identifying and stopping these fraudsters and their illegal actions.”
Robokiller, a company that makes a mobile app to block spam calls and texts, said it had tracked more than 5,000 incidents of the same-number spam text messages over the past week, as of Thursday.
According to Robokiller, typical versions of the spam texts feature messages that say, “Free Msg: Your bill is paid for March,” along with a dubious link that claims to offer a free gift. In other cases, the spam message includes a link that claims to take the recipient to a Verizon survey, according to CNET.
A writer for The Verge noted that clicking on the link in one particular message took the writer to the website for Channel One Russia, a television network run by the Russian government. “We have no indication of any Russian involvement” in the spam texts, Young said.
A spokesman for AT&T told CNBC Make It: “We are monitoring this situation closely and have not seen anything similar on our network.” A spokesperson for T-Mobile did not immediately respond to CNBC Make It’s request for comment.
What about other kinds of spam texts?
The recent spate of same-number spam texts comes amid a rise in overall spam texts received by US wireless customers in recent years.
Last year, the Federal Communications Commission (FCC) warned that spam texts have been rising during the Covid-19 pandemic, with scammers more likely to prey on desperate Americans suffering from health or financial hardships. Robokiller said Americans received a total of 87.8 billion spam text messages in 2021, a 58% increase from the previous year.
Spam texts are often referred to as SMS phishing, or “smishing” attacks, where scammers try to trick wireless users into sharing personal information or clicking on malware-ridden links. In some cases, spammers trick your phone’s Caller ID to make it seem like a text or call is coming from a local or government-associated number, a practice called “spoofing.”
In the case of the same-number spam texts, it appears that “bad actors” are even able to spoof recipients’ own numbers – adding another layer to the process.
What can I do about it?
Security experts suggest that you should always be wary of answering phone calls or text messages from unidentified or unknown numbers.
The FCC adds that you should “never share your personal or financial information via email, text messages, or over the phone.” The agency also advises against clicking on links or attachments you receive in any text message, and to call your friend who texts you a link before clicking, to make sure they weren’t hacked.
Verizon offers similar advice for dealing with potential phishing attacks involving suspicious texts. The company says you shouldn’t respond to suspicious messages at all. Instead, Verizon advises customers to forward spam texts, particularly those claiming to be from Verizon, to SPAM (7726).
You can also report potential spam texts and emails to government agencies and law enforcement, including filling out the Federal Trade Commission’s online fraud complaint form and the Federal Bureau of Investigation’s Internet Crime Complaint Center.
If you do click on a malicious link, experts say your best bet is to avoid entering any information, and disconnect your device from the internet as soon as possible. Then, go into your device’s settings, check for any apps you don’t remember downloading and delete them.
You can also use an antivirus app to scan your device for malware, and change the passwords of any accounts you think may have been compromised. If you think any of your personal or financial information might have been compromised, you can also freeze your credit for free, to avoid potential identity theft.
Sign up now: Get smarter about your money and career with our weekly newsletter
If your passwords are less than 8 characters long, change them immediately, a new study says
These are the 20 most common passwords leaked on the dark web — make sure none of them are yours