Samsung Unpacked: Everything Announced Galaxy Buds 2 Pro Preorder Galaxy Watch 5 Galaxy Z Fold 4 Dell XPS 13 Plus Review Galaxy Z Fold 4 Preorder Apple TV 4K vs. Roku Ultra Galaxy Z Flip 3 Price Cut
Want CNET to notify you of price drops and the latest stories?
No, thank you
Accept

A Spam Text From Your Own Number? Don't Get Phished

Verizon customers, don't click that "Free Msg" link.

verizon logo on a phone
Sarah Tew/CNET

Have you received a dubious text message that looks like it came from your own number? You're not alone. Many Verizon customers reported getting similar messages this week, encouraging them to click an obscure link for a gift. The carrier says it's working with police to stop these texts.

"Verizon is aware that bad actors are sending spam text messages to some customers which appear to come from the customers' own number," a Verizon representative said in an emailed statement. "Our team is actively working to block these messages, and we have engaged with US law enforcement to identify and stop the source of this fraudulent activity."

A relative of a CNET team member got a text that matched the description of similar messages that were received by other Verizon customers and have been called out in social media and news reports. "Free Msg: Your bill is paid for March," the message said. "Thanks, here's a little gift for you." The message included a cryptic link that made it impossible to know what it was about.

screenshot-2022-03-29-at-7-46-16-am

This spam text message was received by the relative of a CNET team member. The message looked as if it came from the person's own phone number.

Chris Paukert/CNET

In some cases, the links in these texts direct people to what looks like a prompt to take a Verizon customer survey. "Dear Verizon customer, we would like to personally thank you for always paying your Verizon bills on time by giving you a Free Apple Watch Series7!" the message says. "All we ask from you is to answer a few quick questions about your recent experiences with Verizon's services." The message ends with a link to take the survey, encouraging the recipient to take it as soon as possible because "this exciting offer is only available today."

The uptick in spam messages that mobile phone users are receiving comes after the US government doubled down on its fight against robocalls. Last year, the US Federal Communications Commission mandated that phone and cable companies implement a technology called Stir/Shaken that's designed to curb the tide of spam calls by requiring voice providers to verify where calls are coming from. The move has, however, led criminals to explore other avenues to keep trying to scam mobile phone users.

"Stir/Shaken has shut down one avenue," Clayton LiaBraaten, senior advisory board member at Truecaller, which makes a spam-blocking and caller ID app, told CNET in December. "But it's making already very capable criminals even more sophisticated and sinister in their scams."

A Verizon customer who received a spam message almost identical to the one received by the CNET employee's relative posted about it in December on the Verizon Community blog, wondering if the message and link were some sort of phishing attempt. "We cannot confirm it is a valid link," a Verizon customer support representative said in a reply to the post. "We recommend not pressing on it."

Spam texts like these are one of many forms of phishing, where hackers make use of human error to gain access to sensitive information, typically by preying on gaps in a victim's tech savvy. Instead of a brute force attack, the cybercriminal poses as a legitimate organization or a familiar face -- in this case texts from a victim's own phone number -- and issues a call to action that sounds either fun or urgent (which gives victims little time to think twice). Hackers can use a technique called "spoofing" to disguise their identity by deliberately falsifying the information transmitted to your caller ID display.

After you're lured into a false sense of security and take the bait, the phisher nets your sensitive information. Phishing attempts aren't exclusive to mobile phones. They can be disguised as quizzes or questionnaires on social media, too, with questions designed to trick you into revealing info you might use to verify your accounts.

If you receive a mysterious text message encouraging you to click on a link, verify the origin of the message before taking any further action, even if the contact seems legitimate -- including your own phone number.