Federal Communications Commission FCC-CIRC2303-04
5
loans and unemployment insurance.
18
Illegal texts can include links to phishing
19
websites that appear to
be the website of a legitimate company and deceive the victim into providing personal or financial
information.
20
Reports indicate that “smishing” fraud increased by 700% last year.
21
The potential harm
from illegal texts is more than just economic in nature; fraudulent, misleading texts can also erode trust in
our country’s political and campaign infrastructure.
22
Scam links can load malware onto phones that
steals passwords and other credentials.
23
WMC Global explains that account takeover is one of the most
prevalent methods used to deliver phishing attacks to consumers.
24
In perpetrating these attacks, a
scammer can use a stolen application programming interface (API) key assigned to a legitimate business
to send SMS phishing messages to victims.
25
18
See, e.g., FCC, COVID-19 Text Scams, https://www.fcc.gov/covid-19-text-scams (last visited Sept. 26, 2022);
FCC, Fear Fuels COVID-19 Contact Tracing Scams, https://www.fcc.gov/fear-fuels-covid-19-contact-tracing-
scams (last visited Dec. 21, 2022); FCC, Consumer Alert, Scam Robotexts are a Rising Threat, (July 28, 2022),
https://www.fcc.gov/robotext-scams-rise; FCC, Consumer Guides, Stop Unwanted Robocalls and Texts,
https://www.fcc.gov/consumers/guides/stop-unwanted-robocalls-and-texts (last visited Dec. 19, 2022); Federal
Trade Commission, Consumer Advice, How to Recognize and Report Spam Text Messages,
https://consumer.ftc.gov/articles/how-recognize-and-report-spam-text-messages (last visited Feb. 2, 2023);
Department of Justice, Federal Bureau of Investigations, Cyber Division, Cyber Criminals Create Fraudulent
Cryptocurrency Investment Applications to Defraud US Investors, (Jul. 18, 2022),
https://www.ic3.gov/Media/News/2022/220718.pdf; Internal Revenue Service, News Releases, IRS Reports
Significant Increase in Texting Scams; Warns Taxpayers to Remain Vigilant, (Sept. 28, 2022),
https://www.irs.gov/newsroom/irs-reports-significant-increase-in-texting-scams-warns-taxpayers-to-remain-vigilant;
NBC News, Kevin Collier, Odd Text from a Wrong Number? It’s Probably a Scam, (Jul. 29, 2022),
https://www.nbcnews.com/tech/security/wrong-number-text-scam-rcna39793; WMC Global Comments at 4
(Millions of consumers are receiving links to phishing websites and phishing messages purportedly from their state’s
workforce agency in an extensive and far-reaching campaign targeting U.S. consumers.).
19
WMC Global Comments at 2 (The most significant cyber threats to mobile users revolve around compromising
their personal information, often through brand impersonation or phishing. SMS phishing—commonly referred to
as “smishing”—is an extremely effective method and scammers are learning just how simple and profitable it is.).
“Smishing” is a term that combines SMS and phishing. Scammers use smishing to target consumers with deceptive
text messages sent to their smart devices. FCC, Avoid the Temptation of Smishing Scams,
https://www.fcc.gov/avoid-temptation-smishing-scams
(last visited Feb. 8, 2023).
20
See, e.g., Federal Trade Commission, Consumer Advice, How to Recognize and Avoid Phishing Scams,
https://consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
(last visited Dec. 21, 2022); AT&T,
Cyber Aware, Text Message Scams, https://about.att.com/pages/cyberaware/ni/blog/text_scams (last visited Dec. 21,
2022); Verizon, Smishing and Spam Text Messages, https://www.verizon.com/about/account-security/smishing-and-
spam-text-messages (last visited Dec. 21, 2022). See WMC Global Comments at 2 (During the COVID-19
pandemic, scammers began leveraging phishing kits, i.e., back-end source code packages used to launch phishing
attacks, to defraud both U.S. citizens and government agencies out of unemployment payments.)
21
Infobip Reply at 2-3, citing Weston Sabina. “Smishing attacks increased 700% in first six months of 2021,”
ITPro, (Sept. 14, 2021),
https://www.itpro.co.uk/security/scams/360873/smishing-attacks-increase-700-percent-
2021.
22
Campaign Verify Comments at 3.
23
Public Knowledge Reply at 2.
24
WMC Global Comments at 3.
25
WMC Global Comments at 3. The API keys are typically stolen through data breaches, business email
compromise, and insider threats. Id.