FBI Warning On Suspicious Text Messages

Written By Ryan Morrissey

In today’s world, protecting your personal information is more important than ever. The FBI has recently issued a nationwide warning about a new wave of “smishing” attacks targeting people across the U.S.

Let’s dive into this rising threat and explore the steps you can take to safeguard your phone, investment accounts, and sensitive data.

What Is Smishing?

Smishing, a blend of "SMS" (text messages) and "phishing," refers to fraudulent text messages that trick recipients into revealing personal information like:

  • Social Security numbers or

  • Credit card details or

  • Bank account passwords

These fake messages often appear to come from trusted sources, making them even more dangerous.

Lately, I've received a number of smishing messages myself. For example, I’ve received texts that look like they’re from toll services in my area, warning me about unpaid tolls and urging me to click a link to pay. But, as I’ve learned, these texts are often part of a scam. The links lead to fake websites designed to steal your personal information.

How to Recognize Smishing Messages

Smishing messages may seem harmless at first, but they can be incredibly harmful if you fall for them. Here are some signs to look out for:

  • Urgency: Smishing texts often try to create a sense of urgency—like telling you that you need to pay a toll or resolve an issue immediately.

  • Suspicious Links: These messages will often ask you to click on a link, which can lead to a fake website designed to steal your information.

  • Unusual Sender: If you receive a text from a toll company, delivery service, or bank that you weren’t expecting, be suspicious. Most of these companies do not send text messages; they will send a letter or email.

For example, the message might say something like "You have an unpaid toll! Click this link to pay now!" It might even look official, using names like "EasyPass" or "FedEx," but if you examine the URL closely, you might spot irregularities.

Scammers will often use fake domains that look similar to the real ones but with slight modifications.

Check out this week’s episode on: The Top 5 Tax Benefits of 529 Plans

What You Should Do if You Receive a Smishing Text

If you receive a suspicious text message, don’t click any links or reply with personal information. Instead, follow these steps:

  1. Do Your Research: Verify the claim by visiting the official website of the company that supposedly sent the message. If it's about an unpaid toll, go directly to the toll agency’s website rather than clicking the link in the text.

  2. Contact Customer Service: If you're still unsure, reach out to the company through a trusted phone number to confirm whether the message is legitimate.

  3. Report the Scam: If you’ve fallen victim to a smishing scam, report it immediately to the Federal Trade Commission (FTC) at www.ic3.gov. You should also notify your bank or credit card company and freeze your accounts if you’ve provided sensitive information.

  4. Delete the Message: Remove the smishing message from your phone to avoid accidentally clicking on it later.

How Smishing Can Lead to More Serious Problems

If you fall for a smishing scam and share your personal information, hackers can use it to steal your identity, access your bank or investment accounts, and commit fraud. In some cases, hackers might also install malware or spyware on your phone, allowing them to track your movements, steal more data, or even take full control of your device.

To make matters worse, the FBI has reported a fourfold increase in smishing scams since January 2025, with over 10,000 fake websites being used by scammers. So, it's clear that this is a growing problem, and it's crucial to stay vigilant.

Take my course at your pace through an on demand video library.

Protecting Your Phone from Hackers

Aside from smishing scams, there are other ways hackers might attempt to gain access to your phone. Here are some practical steps you can take to safeguard your device:

  1. Be Careful with Public Wi-Fi: Public Wi-Fi networks, like those at airports or coffee shops, are prime targets for hackers. When you connect to these networks, your data could be intercepted. To protect yourself, consider using a Virtual Private Network (VPN), which encrypts your data and makes it harder for hackers to track your activities.

  2. Avoid Clicking Suspicious Links: Always be cautious about clicking on links or downloading attachments from unknown sources, even if the message appears to be from a trusted company.

  3. Enable Two-Factor Authentication: On your phone and accounts (such as your bank or investment accounts), activate two-factor authentication (2FA). This adds an extra layer of security by requiring a second form of verification, such as a text message or an authentication app.

  4. Keep Your Software Up to Date: Regularly updating your phone’s operating system and apps helps protect against the latest security threats.

  5. Monitor Your Bank and Investment Accounts: Regularly check your bank and investment accounts for any suspicious activity. If you notice anything out of the ordinary, contact your bank or brokerage immediately.

  6. Use a VPN: I personally use a VPN to encrypt my data and protect my phone when I’m on public Wi-Fi. It’s an additional layer of security that can help keep your personal information safe.

If you prefer to learn in video format. Make sure to check out my YouTube channel! Don’t forget to subscribe!

What to Do If Your Phone Is Hacked

If you suspect that your phone has been compromised, there are a few signs to watch for:

  • Your phone is running poorly or crashing frequently

  • Unfamiliar apps appear on your phone

  • You’re locked out of your Apple ID or other accounts

  • Unusual data usage or strange pop-up ads

If you notice any of these signs, you should immediately take action. You can install malware scanning software, delete any suspicious apps, and change your passwords. Additionally, consider using the "Find My iPhone" feature to lock your phone and prevent unauthorized access.

Closing Thoughts

The rise of smishing and other cyber threats highlights the importance of staying vigilant and taking steps to protect your phone and personal data. By being cautious about the links you click, using a VPN, enabling two-factor authentication, and regularly monitoring your accounts, you can greatly reduce your risk of falling victim to these scams.

If you do fall victim to a scam, don’t panic. Contact the relevant authorities, report the issue, and take steps to lock down your accounts and devices.

If you have a question or topic that you’d like to have considered for a future episode/blog post, you can request it by going to www.retirewithryan.com and clicking on ask a question. 

As always, have a great day, a better week, and I look forward to talking with you on the next blog post, podcast, YouTube video, or wherever we have the pleasure of connecting!

Written by Ryan Morrissey

Founder & CEO of Morrissey Wealth Management

Host of the Retire with Ryan Podcast

Ryan Morrissey
Next

The top 5 tax benefits of a 529 plan — and changes to expect in 2026