That seemingly innocent text is probably a scam

A special thanks to all the people at Malwarebytes and ThreatDown for sharing the text messages they received from scammers.

Many of us have received texts like these. Often super short, some flirty, some with a business tone, or sometimes just a simple ‘hello.’

You don’t know the sender, and they look like an honest mistake. But they’re not. All the messages are carefully crafted to seem plausible—so you don’t immediately feel suspicious—and short—to trigger your curiosity.

The intention of these messages are to get you to be confused enough that you will reply, perhaps by saying they have the wrong number.

Here are some of the messages our team has received recently:

1. The one-word text

2. The “who are you again?” text

3. The “tempting” text

Sometimes these involve inviting you for fun activities on the weekend, like a BBQ or some beach time. Sometimes, it’s just a dinner suggestion:

4. The business text

5. The “OMG i just woke up” text

These are just some examples, but we’ve seen so many more.

As soon as you reply, the scammer will initiate a friendly conversation. Their end goal will be to gain your trust and develop the relationship into a costly romance or investment scam.

From their end at least, some of my co-workers told them to go phish elsewhere.

However funny, we don’t recommend engaging with scammers in this or any other way. Here’s why:

Why you should never respond

• Responding confirms your number is active.
• It flags you as someone who reads texts and might engage.
• The scammer may sell or share your number.
• Some groups build long-term “mark profiles” for future scams. Even though you think you’re only providing them with little to none information, scammers often track who replies, how they reply, and how easily they engage. That data becomes part of a “mark profile”, a digital dossier on you that might include your phone number, the time of response (which suggests your schedule or time zone), and any other information you share.

What you should do instead of replying

• Don’t reply, not even to be helpful. Don’t engage in conversation, even if they seem friendly.
• Never click on links.
• Block the number.
• Report the message to your carrier (In the US, most carriers support forwarding spam texts to 7726).
• Share examples (anonymized) to help others. One way to do this is to use Malwarebytes Scam Guard, which also helps you assess if a message is a scam or not.

We don’t just report on scans—we help detect them

Cybersecurity risks should never spread beyond a headline. If something looks dodgy to you, check if it’s a scam using Malwarebytes Scam Guard, a feature of our mobile protection products. Submit a screenshot, paste suspicious content, or share a text or phone number, and we’ll tell you if it’s a scam or legit. Download Malwarebytes Mobile Security for iOS or Android and try it today!