Scam of the Month: Phony Free Gift Texts. Don’t Click That Message

november 01, 2021 | fraud protection
Woman receiving a bogus text message from her phone carrier

Each month, IDShield's blog features a prevalent scam of the past few weeks to provide insights into how scams begin and ways you can detect them.

'Loaded' Text Messages on the Rise

"Here's a gift for you." Those words have a nice ring to them, don't they? The message sounds terrific, but data security specialists urge caution. You're now the proud owner of what's sometimes referred to as a loaded text. This type of SMS message has increased rapidly in the past two months, earning this tactic a turn in the spotlight as our Scam of the Month.

Fraudulent text tactics aren't new. In 2014, the Federal Trade Commission (FTC) settled a complaint against a group of shady text senders who promised free gift cards to anyone that replied. The agency also reclaimed $2.5 million consumers had lost. Unfortunately, this ploy has aged well over time—for the scammers at least.

Smish This!

This technique to invade digital devices is known as smishing—a mash-up of SMS or short message service and phishing. What's worthy with our Scam of the Month honoree is a wave of imposters claiming to be your cell phone provider. The ploy has hit AT&T, T-Mobile and Verizon users hard.

Texts read "Here's a gift for you" or "Here's something for you." One text approach claims to be a "thank you" gesture for your recent bill payment. Another discusses "service concerns" or "recent disruptions" in service. It would be swell if cell carriers provided compensation for system downtime, but they generally don't make such offers.

Texts offering free stuff often prove difficult to resist. Messages will boost their credibility by addressing you by name. Your cell number and name paired together were most likely compromised in a recent data breach like T-Mobile's August attack that lost these exact details for 850,000 customers. Information from older data breaches can also work.

Do not click this bait! If you do, you're likely to land on a spoofed website that perfectly impersonates the real deal. The page requires you to log in at AT&T or Verizon, for example, and presto! The hacker now has your account credentials and can roam through your usage, spend your money or even switch passwords to lock you out of the device. You may also receive a download of malware while visiting the imitation web page.

Patterns Persist

The root cause of a data leak often proves challenging to trace back to the initial breach or source. However, that wasn't the problem when a lower-priced service started to see actual device takeovers in early October of this year. Instead, the company blamed the breaches on credential stuffing—a practice of using breached login details on hundreds of different websites to determine what additional accounts they might unlock. An essential element in such hacks is the terrible practice of password recycling. Using the same password for numerous access points is a terrible idea.

Worst of all, these intruders can authorize large purchases that flood your credit card on file with the carrier. Some customers reported $1,000 purchases, for example, that could max out cards. While the company addressed through social media, it quickly took its strategy private responding on a case-by-case level via direct messages (DMs).

Detection Tools

The old standby of hovering your mouse cursor over an embedded link won't work here. Senders employ a link-shortening site like to cloak their accurate web address. You could end up anywhere if you clicked that link.

It doesn't always take a rocket scientist to spot the scam. For example, a text on your work device could address you personally. Likewise, one from a cell carrier you don't use is a dead giveaway. Perhaps, a past provider shouldn't be texting you at your current number regarding bill payments. Con artists are persistent, however, and sooner or later, you'll get a loaded text you won't be able to evaluate easily.

Shield Yourself

Anti-virus software on your mobile device can protect you against most malware. Common sense is a must-use tool. Just say NO to clicks. Consider adding a VPN, or virtual private network, to your security tools. VPNs cloak your web traffic and hide your browsing history boosting privacy. IDShield's member services package now includes this valuable VPN encryption feature. With a VPN and up-to-date anti-virus software, you might type in the shortened URL you received to explore that rabbit hole as it leads you downward.

IDShield services assist in phony text detection through monitoring. Our members simply enter their phone numbers and we monitor those digits 24/7. We'll alert you if the combination turns up anywhere you don't want it to be.


IDShield is a product of Pre-Paid Legal Services, Inc. d/b/a LegalShield (“LegalShield”). LegalShield provides access to identity theft protection and restoration services. IDShield plans are available at individual or family rates. For complete terms, coverage, and conditions, please see an identity theft plan. This is meant to provide general information and is not intended to provide legal or tax advice, render an opinion, or provide any specific recommendations.

Pre-Paid Legal Services, Inc. (“PPLSI”) provides access to legal services offered by a network of provider law firms to PPLSI members through membership-based participation. Neither PPLSI nor its officers, employees or sales associates directly or indirectly provide legal services, representation, or advice. The information available in this blog is meant to provide general information and is not intended to provide legal advice, render an opinion, or provide any specific recommendations. The blog post is not a substitute for competent legal counsel from a licensed professional lawyer in the state or province where your legal issues exist and the reader is strongly encouraged to seek legal counsel for your specific legal matter. Information contained in the blog may be provided by authors who could be a third-party paid contributor. All information by authors are accepted in good faith, however, PPLSI makes no representation or warranty of any kind, express or implied, regarding the accuracy, adequacy, validity, reliability, availability, or completeness of such information.

Learn more about protecting yourself against identity theft and fraud