Smishing: How Text Message Scams Target Seniors and How to Stop Them

Your father gets a text message: "USPS: Your package cannot be delivered. Update delivery preferences here: [link]." He clicks it. A professional-looking page asks for his address, phone number, and credit card to "reschedule delivery." He fills it out because he's expecting a package from Amazon. Two days later, $1,200 in unauthorized charges appear on his credit card.

This is smishing — phishing via SMS text message — and it has become one of the fastest-growing scam vectors targeting seniors. The FBI has issued multiple warnings about smishing attacks, and the FTC reports that text-based scams have overtaken email phishing as the most common method of initial contact for fraud targeting older adults.

Why text scams are especially dangerous for seniors

Email phishing has been around long enough that many people have developed at least some instinct to be cautious. Text messages are different. Seniors tend to trust texts more than emails for several reasons:

Texts feel personal. Email is associated with spam and junk. Text messages feel like they come from people you know — they arrive on the same screen as messages from family members and friends.

Texts are harder to inspect. On a phone, you can't hover over a link to see where it goes. The link is just a string of characters, and tapping it opens the page immediately. There's no "preview" step.

Texts create immediate urgency. A text notification triggers an instant response in a way that email doesn't. The phone buzzes, the message appears, and the instinct is to deal with it right now.

Phone screens make fake pages look real. On a small screen, it's much harder to notice a suspicious URL or subtle design differences between a real website and a phishing clone.

The most common smishing scams targeting seniors

Package delivery scams

"Your package could not be delivered" or "USPS tracking update" texts with a link to "verify" delivery information. These are effective year-round but spike during holiday seasons. The link leads to a page that harvests personal and payment information.

Bank fraud alerts

"Suspicious activity detected on your account. Reply YES to confirm this transaction or call [number]." These texts impersonate the recipient's bank and either direct them to a phishing page or connect them to a scammer posing as bank security.

Government impersonation

"Social Security Administration: Your benefits have been suspended. Call [number] to reactivate." These texts exploit the same authority bias that makes phone scams effective, but reach the victim faster because texts have a 98% open rate compared to roughly 20% for email.

Toll and fine scams

"You have an unpaid toll of $3.75. Pay now to avoid a $50 late fee: [link]." These are relatively new and have been the subject of recent FBI warnings. The amounts are deliberately small to seem plausible.

"Hi Mom/Dad" scams

"Hey Mom, I got a new phone number. Can you text me here?" Once the parent responds, the scammer — posing as their child — eventually asks for money via gift cards or Venmo.

How to protect your parent from smishing

1. Teach the "never click a link in a text" rule

This is the single most effective defense. Legitimate companies send text notifications, but they almost never require you to click a link to resolve an issue. If your parent receives a text about a package, bank account, or government benefit, the correct response is to:

• Ignore the link
• Open the browser and go directly to the company's website (typed manually, not from the text)
• Or call the company using a phone number they already have (from a statement, card, or previous communication)

2. Enable spam filtering on their phone

Both iPhone and Android have built-in tools to filter suspected spam texts:

iPhone:

• Settings > Messages > Filter Unknown Senders
• This moves texts from people not in the contact list into a separate "Unknown Senders" tab

Android:

• Open the Messages app > Settings > Spam protection > Enable spam protection
• Google Messages can automatically identify and filter suspected spam texts

3. Block and report scam numbers

When your parent receives a smishing text:

• Don't reply — even "STOP" can confirm to scammers that the number is active
• Block the number (long-press the message on most phones, then select Block)
• Report it: Forward the text to 7726 (SPAM) — this reports it to the carrier
• Report to the FTC at ReportFraud.ftc.gov

4. Set up a family verification protocol

For the "Hi Mom/Dad, new phone" scam, establish a simple rule: if a family member claims to have a new number, call their old number first to verify. Or use the family code word — a word or phrase agreed upon in advance that any family member can ask for to verify identity.

5. Don't share their phone number unnecessarily

Every time your parent enters their phone number on a website, signs up for a loyalty program, or fills out a form, that number potentially enters a database that can be sold to scammers. Minimize the places where their number appears.

What the FBI says about smishing

The FBI has repeatedly warned about the surge in smishing attacks, particularly toll-related and package delivery scams. Their guidance aligns with everything above:

• Do not click links in unsolicited text messages
• Do not provide personal or financial information via text
• Verify the sender through independent channels
• Report smishing to IC3 at ic3.gov

The FBI specifically notes that smishing is increasingly tied to organized criminal networks that combine text-based initial contact with phone-based social engineering — the text gets the victim's attention, and a follow-up phone call closes the scam.

What to do if your parent already clicked a smishing link

If your parent tapped a link in a smishing text and entered any information:

1. Check what was entered. Did they provide a password? Credit card? SSN? The response depends on what was compromised.
2. Change passwords for any accounts that may be affected.
3. Contact the bank or credit card company if payment information was entered. Request new cards and dispute any unauthorized charges.
4. Freeze credit at all three bureaus if personal identifying information was shared.
5. Run a security scan on the phone if the link may have installed malware (this is rare on iPhones but possible on Android).
6. Monitor accounts closely for the next 60-90 days.

A printable rule for the refrigerator

If your parent struggles with the nuances of identifying smishing, reduce it to one rule they can remember:

"Never tap a link in a text message. If it's real, you can find it by going to the website yourself."

Write this on a card and put it where they can see it — near the phone, on the refrigerator, or taped to the back of their phone case. Simple, visible reminders outperform lengthy explanations every time.

For a complete set of printable defense tools — including the Refrigerator Defense Sheet, step-by-step device security guides, and family communication protocols — the Elder Scam Shield puts everything in one toolkit for $14.

Related reading:

• Phishing Emails Targeting Seniors: How to Teach Your Parents to Spot Fake Messages
• The Grandparent Scam in 2026: How AI Voice Cloning Changed Everything
• Scams Targeting Seniors in 2026: The Complete Guide