smishing Scam
Bank OTP Harvesting SMS
Attackers spoof banks and push urgent texts asking for one-time passcodes to “cancel transfers.” WebVetted inspects sender IDs, embedded links, and screenshot metadata to prove the SMS is fraudulent.
Red flags
- Text demands your OTP even though banks never ask for it.
- Shortened links redirect to domains unrelated to the bank.
- Sender name uses generic IDs like NOTICE or URGENT.
How to Respond
- Upload the screenshot to the Text Message Analyzer to review metadata and links.
- Log into your bank through the official app to confirm no actions are needed.
- Report the SMS to your bank’s fraud inbox and your telecom regulator.
📌 Case study
We captured Chase-branded SMS that hijacked an AWS bucket to host fake login pages. Another run spoofed Barclays and forwarded OTPs to a Telegram bot in real time.
smishing Scam
Courier Delivery QR Code SMS Scam
Some SMS lure recipients into scanning a QR code that loads a malicious site or APK disguised as delivery tracking. WebVetted extracts the QR destination, SSL fingerprints, and malware reports.
Red flags
- QR code embedded in the SMS image with no text alternative.
- Tracking ID does not match courier formats.
- Message threatens storage fees unless you scan immediately.
How to Respond
- Upload the screenshot to the Text Message Analyzer so WebVetted can decode the QR.
- Instead of scanning, check the courier website manually using your browser.
- Forward the SMS and decoded URL to the courier’s abuse desk.
📌 Case study
A UPS-themed SMS circulated with a QR that downloaded spyware onto Android devices. Another attack printed FedEx logos over QR stickers and instructed victims to scan for “route confirmations.”
Related tools
smishing Scam
Fake School Fee Payment SMS
Scammers spoof schools and claim your child’s tuition is overdue, linking to payment portals that steal cards. WebVetted reviews sender IDs, payment processors, and domain metadata to flag the hoax.
Red flags
- Text arrives outside school hours and demands immediate payment.
- Payment link doesn’t use the district’s usual domain.
- Grammar errors or missing student details in the message.
How to Respond
- Analyze the SMS with the Text Message Analyzer to capture the payment link.
- Call the school using numbers from the official website before paying.
- Share the scam alert with other parents and the district communications team.
📌 Case study
Districts in Texas reported parents receiving SMS with bogus tuition portals that funneled to personal Stripe accounts. Another scheme asked for cafeteria fees via Cash App and spoofed the principal’s name.
smishing Scam
Family Emergency WhatsApp Impersonation
Scammers spoof relatives on WhatsApp, claim their phone is broken, and beg for urgent transfers. WebVetted reviews language patterns, contact photos, and linked payment accounts to expose the impersonation.
Red flags
- New number pretends to be your child or sibling with no prior chat history.
- Message insists on secrecy or says the phone microphone is broken.
- Payment request points to unfamiliar bank accounts or gift cards.
How to Respond
- Submit the chat to the Text Message Analyzer to archive numbers, names, and payment links.
- Call the real family member using a known number before sending money.
- Report the impersonation to WhatsApp and your local police with the WebVetted report.
📌 Case study
One victim wired funds after a “son” claimed he needed bail money, only to discover the real son was asleep. Another case saw scammers steal profile pictures from public Instagram accounts to make WhatsApp avatars.
smishing Scam
Impersonated Boss Urgent Payment SMS
Business text compromise actors spoof executives and instruct staff to pay vendors or buy gift cards. WebVetted reviews timing, writing style, and payment instructions to confirm the spoof.
Red flags
- Message insists you keep the request confidential.
- Sender refuses to hop on a quick call or use corporate email.
- Payment destination is a personal wallet or prepaid card.
How to Respond
- Upload the SMS to the Text Message Analyzer to record numbers and language.
- Call or message your boss through official channels to verify the request.
- Forward the attempt to your security team so they can alert others.
📌 Case study
Manufacturing staff received texts from a fake CEO demanding eBay gift cards for “client gifts.” Another scam asked a finance analyst to wire funds to a new vendor with no purchase order.
Related tools
smishing Scam
Instant Loan Approval SMS Funnel
SMS funnels claim you qualify for loans and direct you to landing pages that harvest SSNs or charge fees. WebVetted compares sender IDs, domain ownership, and payment requests to expose the funnel.
Red flags
- Promises “guaranteed approval” regardless of credit.
- Link leads to forms with no HTTPS or privacy notice.
- Text urges you to reply with full SSN or bank info.
How to Respond
- Process the SMS through the Text Message Analyzer to review the domains.
- Check the lender name against state licensing registries before applying.
- Warn others in community groups and report the sender to spam hotlines.
📌 Case study
We tracked a payday SMS funnel that sent victims to a Russian domain collecting identity kits. Another message lured gig workers into paying “processing fees” via prepaid cards.
Related tools
smishing Scam
Mobile Wallet PIN Reset SMS Scam
Attackers trigger wallet reset flows and then text you posing as support to capture the code. WebVetted reviews the SMS headers, timing, and embedded instructions to flag the lure.
Red flags
- Text arrives even though you did not request a reset.
- Sender instructs you to reply with the code for verification.
- Link shorteners lead to login pages that do not match the wallet’s domain.
How to Respond
- Upload the SMS to the Text Message Analyzer and note the timestamp versus actual reset emails.
- Change your wallet password directly in the app and enable stronger MFA.
- Report the incident to the wallet’s fraud desk so they can alert other customers.
📌 Case study
Cash App users reported texts that forwarded PIN codes to a Telegram channel monitored by scammers. Another wave imitated Venmo and claimed an account lock unless you shared the code within five minutes.
Related tools
smishing Scam
Parcel Fee Phishing SMS
Fraudsters claim you owe customs or handling fees, linking to fake courier portals. WebVetted decodes the link structure, hosting details, and typography to show the text is bait.
Red flags
- SMS references a package ID you never saw before.
- Link domain uses random strings or unfamiliar couriers.
- Message threatens to destroy the parcel within 24 hours.
How to Respond
- Upload the message to the Text Message Analyzer to extract URLs safely.
- Contact the courier through its verified website or phone number.
- Forward the SMS to your national spam reporting shortcode.
📌 Case study
We logged DHL-themed SMS that redirected to a Shopify checkout capturing card data. Another series spoofed USPS and installed spyware via sideloaded APKs.
smishing Scam
Telegram Airdrop Link Farm Scam
Link farm channels promise token drops if you click through dozens of shortened URLs, often landing on wallet drainers. WebVetted maps every URL, hosting region, and contract call to uncover the trap.
Red flags
- Channel forwards the same airdrop instructions across multiple groups.
- Payout addresses rotate daily with no smart contract transparency.
- Admins block comments or delete questions about risk.
How to Respond
- Feed the chat into the Text Message Analyzer to catalog every link safely.
- Verify airdrop announcements on the project’s official X or Discord before connecting wallets.
- Warn other members and leave the channel once you confirm the scam.
📌 Case study
We reviewed a chain of channels pushing Solana airdrops that all led to the same drainer script. Another operation forced users to complete “missions” that installed spyware APKs.
Related tools
smishing Scam
Telegram KYC Update Request Scam
Phishers send Telegram chats posing as exchanges or bots that demand fresh KYC documents. WebVetted captures handle metadata, bot history, and attachment hashes to prove the request is fake.
Red flags
- Bot claims your account will be frozen within hours unless you respond.
- Requests selfies with ID plus bank statements in the same message.
- Links lead to forms hosted on consumer file-sharing sites.
How to Respond
- Submit screenshots to the Text Message Analyzer to archive handles and links.
- Contact the exchange through official support portals to confirm no KYC refresh is required.
- Report the Telegram bot and warn fellow traders in public channels.
📌 Case study
We logged Binance-branded bots pushing users to upload passports to a Google Drive folder. Another crew spoofed OKX admins and asked for “VIP verification” plus a 0.1 BTC fee.
smishing Scam
Two-Factor Reset Lure by SMS
Threat actors trigger 2FA prompts, then text pretending to be support asking for codes or urging you to disable MFA. WebVetted evaluates the message headers, timing, and instructions to prove it is social engineering.
Red flags
- Message says “reply STOP to keep account active.”
- Requests the full 2FA code or recovery backup code.
- Links lead to lookalike login portals.
How to Respond
- Submit the SMS to the Text Message Analyzer and capture the code request language.
- Ignore the text and approve or deny login requests inside your authenticator app.
- Rotate passwords and review account security logs if you clicked any link.
📌 Case study
Crypto traders reported SMS telling them to disable 2FA so a “fraud team” could investigate. Another case targeted Microsoft admins with links to a cloned login page.
Related tools
smishing Scam
Utility Disconnection Threat SMS
Fraudsters pretend to be power companies, threatening shutoffs unless you pay immediately. WebVetted inspects callback numbers, account details, and payment instructions to show the message is fake.
Red flags
- Claims your power will be cut in 30 minutes unless you pay.
- Requests prepaid cards, Bitcoin, or Zelle transfers.
- Caller ID or SMS short code differs from previous utility alerts.
How to Respond
- Upload the SMS into the Text Message Analyzer to log numbers and scripts.
- Call your utility using the phone number printed on a past bill.
- Report the attempt to the state public utility commission with the evidence.
📌 Case study
One scam blasted SMS to Ohio residents telling them to call a “billing hotline” that forwarded to criminals. Another told restaurants their gas would be shut off and demanded Cash App payments.
Related tools
smishing Scam
WhatsApp Group Spoofed Brand Alerts
Scammers create WhatsApp groups pretending to be official brand support, then sell fake promos or phishing links. WebVetted inspects group invite metadata, admin numbers, and outbound URLs to prove the spoof.
Red flags
- Group icon and title mimic your brand but admins are unverified numbers.
- Messages push coupon codes that require sending money first.
- Group description links to third-party checkout pages.
How to Respond
- Upload screenshots to the Text Message Analyzer to archive group info and links.
- Alert your customers on official social channels with the real contact methods.
- Report the group to WhatsApp and pursue legal takedowns if needed.
📌 Case study
A telco found dozens of “VIP support” groups that charged onboarding fees before vanishing. Another brand saw counterfeit voucher groups that redirected shoppers to Bitly links collecting cards.
Related tools
smishing Scam
WhatsApp Lottery Winner Scam
Lottery scammers claim you won a prize but must pay taxes or provide ID to collect. WebVetted inspects sender numbers, document attachments, and banking instructions to expose the grift.
Red flags
- Message claims you were “selected randomly” even though you never entered.
- Spelling mistakes and odd capitalization inside official-sounding letters.
- Requests for wire fees or gift cards before prize release.
How to Respond
- Analyze the chat with the Text Message Analyzer to capture attachments and bank info.
- Contact the real lottery organization through official numbers to confirm the message is fake.
- File a complaint with your gaming regulator or police and include the WebVetted report.
📌 Case study
We saw scammers spoof national lotteries and send doctored certificates via WhatsApp attachments. Another version pretended to be a social media raffle but asked winners to buy iTunes cards first.
smishing Scam
WhatsApp Remote-Control APK Scam
Scammers pretend to be support agents and send APKs that grant remote control of your phone. WebVetted analyzes the APK hash, certificate, and requested permissions to prove it is malware.
Red flags
- Agent claims they cannot help unless you install a support app.
- APK size is suspiciously large and unsigned by a major vendor.
- Message includes multiple warnings not to talk to anyone else.
How to Respond
- Submit the APK link via the Text Message Analyzer to capture metadata safely.
- Delete any downloaded files and run a malware scan on your device.
- Alert your bank or service provider that credentials may be compromised.
📌 Case study
We examined APKs sent by “bank support” that immediately harvested SMS codes and forwarded them to a command server. Another variant pretended to be a courier support tool but loaded a banking trojan.
Need evidence for a bank or police report?
Generate a full entity dossier plus user-submitted reviews and then share the PDF with law enforcement or platform trust teams.