Key Takeaways: FBI Mobile Scam Warnings 💡
• Should I delete suspicious texts immediately? Yes. The FBI is urging all iPhone and Android users to delete “smishing” messages immediately, as cybercriminals have registered more than 10,000 domains to fuel these scams.
• Are texts between iPhone and Android users safe? No. The FBI and CISA are warning that texts between Android and iPhone users lack automatic encryption and could be intercepted following the Salt Typhoon hack of major U.S. telecommunications providers.
• What’s the biggest scam right now? Fake DMV and toll road texts have surged over 700% in recent months, with states including Tennessee, New York, California, Florida, Georgia, Illinois, Texas, and Washington D.C. affected.
• Can scammers really clone my family’s voices? Yes. Consumer-grade AI tools can now produce a functional voice clone from just 10 seconds of audio, and the FBI has been tracking these campaigns since 2023.
• What should I use instead of regular texting? Officials from CISA and the FBI urged Americans to use encrypted messaging apps like Signal and WhatsApp to avoid having their communications intercepted.
• Where do I report scams? File a complaint with the FBI’s Internet Crime Complaint Center at ic3.gov with details including phone numbers and website links from scam messages.
🚨 1. Yes, Chinese Hackers Really Did Infiltrate Your Phone Network—And They’re Still There
This isn’t conspiracy theory territory. U.S. government officials confirmed that the China-backed hacking group dubbed Salt Typhoon remained inside the networks of America’s largest phone and internet providers, and officials don’t yet have a timeline for when these hackers will be fully eradicated.
The scope is staggering. The attack hit at least eight telecommunications and infrastructure firms in the U.S., with hackers accessing call record metadata including who individuals called, how long calls lasted, and caller locations. AT&T, Verizon, and Lumen were reportedly deeply compromised, with the access allowing Chinese hackers to intercept real-time unencrypted calls and text messages as they traveled over phone carriers’ networks.
The U.S. Intelligence Community assesses that China is “the most active and persistent cyber threat” to U.S. institutions. None of Salt Typhoon’s methods appear to be highly sophisticated—many of their intrusion methods align with existing weaknesses in telecom infrastructure.
| What Happened | Who’s Affected | 💡 What To Do |
|---|---|---|
| Chinese hackers breached major telecom networks | All Americans using major carriers | Switch to encrypted messaging apps immediately 📱 |
| Real-time calls and texts were intercepted | Government officials, presidential candidates targeted | Use Signal, WhatsApp, or similar encrypted services 🔐 |
| Hackers accessed court-order surveillance systems | National security implications | Enable two-factor authentication on all accounts ✅ |
💡 Pro Tip: “Encryption is your friend, whether it is on text messaging or if you have the capacity to use encrypted voice communications, even if the adversary is able to intercept the data if it is encrypted, it will make it impossible, if not really hard, for them to detect it,” said Jeff Greene, CISA Executive Assistant Director for Cybersecurity.
📱 2. Those Toll Road Texts Will Steal More Than Your $11.69—They Want Your Entire Identity
Cybercriminals have registered more than 10,000 domains to fuel smishing scams, which initially started with fraudulent toll payment notifications and have since expanded to fake delivery service alerts.
Here’s how it works: The scam messages commonly follow a similar pattern where the user is notified of an unpaid bill requiring immediate action to avoid penalties, followed by a link directing the user to a fake payment portal. Since Apple’s iMessage blocks suspicious links, scammers now instruct users to copy and paste the URL into their web browser, making detection harder.
New York State DMV Commissioner Mark J. F. Schroeder stated, “These scammers flood phones with texts, hoping to trick unsuspecting people into handing over their personal information. DMV will never send texts asking for sensitive details.”
A local news investigation found that when victims attempted to make a payment, they received an error message claiming their card had been declined, encouraging them to enter multiple card details and giving scammers access to even more financial information.
| Scam Type | Warning Signs | 💡 Immediate Action |
|---|---|---|
| Fake toll notifications | Claims unpaid balance with urgent deadline | Never click links—verify directly with toll agency 🚗 |
| Package delivery alerts | Asks you to “reply Y” to receive link | Delete immediately and report to 7726 (SPAM) 📦 |
| DMV license threats | Threatens suspension or jail time | Real agencies contact you by mail, not text ✉️ |
💡 Pro Tip: If you’re worried a toll text is legitimate, check with the state’s tolling agency using a phone number or website you know is real—never use the contact information from the text itself. The FBI recorded 59,271 complaints about toll scams in 2024.
🎭 3. That Voice Calling From “Grandma” or “Your Boss” Might Be a Robot Clone—Here’s How to Tell
This is where things get genuinely unsettling. Since April 2025, malicious actors have impersonated senior US officials by sending text messages and AI-generated voice messages in an effort to establish rapport before gaining access to personal accounts.
Voice deepfakes surged 442% between the first and second half of 2024, and American companies lost over $200 million to deepfake fraud in the first quarter of 2025 alone. The technology is frighteningly accessible—creating a convincing voice clone now costs less than two dollars.
In July 2025, Sharon Brightwell of Dover, Florida, received a call from what sounded like her crying daughter claiming she had been in a car accident. Overwhelmed by emotion and the apparent need for immediate action, Brightwell sent $15,000 in cash to a courier. Only after speaking to her real daughter did she realize she had been listening to an AI-generated imitation.
The FBI warns that AI-generated content has advanced to the point that it is often difficult to identify, and recommends never sharing sensitive information with people you have only met online or over the phone.
| AI Scam Tactic | Red Flags | 💡 Defense Strategy |
|---|---|---|
| Voice-cloned family emergency | Extreme urgency, requests for immediate wire transfers | Create a family “safe word” only real members know 🔑 |
| Fake executive business calls | Unusual payment requests, pressure to bypass protocols | Hang up and call back on verified number ☎️ |
| Impersonated government officials | Requests to move conversation to encrypted platforms | Verify through official channels before responding 🏛️ |
💡 Pro Tip: The FBI recommends establishing a family code word—a secret phrase that only your real family members would know. If someone calls claiming to be a relative in distress, ask for the code word before taking any action.
💰 4. Seniors Are Losing Billions—But Everyone’s a Target in This $16 Billion Crime Wave
The numbers paint a devastating picture. People over the age of 60 suffered the most financial losses and submitted the highest number of complaints in 2024, with this age group filing 147,127 complaints—a 46% increase from 2023—with total losses reaching $4.885 billion.
Notably, 7,500 complainants aged 60 or older lost more than $100,000 each, with an average loss of $83,000. Cryptocurrency played a central role in cybercrime losses, with nearly 150,000 complaints involving digital assets amounting to $9.3 billion in losses—a 66% increase from the previous year.
Investment fraud led in total dollars lost at $6.57 billion, followed by Business Email Compromise scams at $2.77 billion and tech support fraud at $1.46 billion.
California, Texas, and Florida led the nation for both internet crime complaints and financial losses, with California seniors alone losing $832 million, Texas $489 million, and Florida $388 million.
| Crime Category | 2024 Losses | 💡 Who’s Most Vulnerable |
|---|---|---|
| Investment fraud | $6.57 billion | Cryptocurrency investors, retirement savers 📈 |
| Business email compromise | $2.77 billion | Small business owners, finance employees 💼 |
| Tech support scams | $1.46 billion | Adults over 60, less tech-savvy users 🖥️ |
| Romance scams | Included in $13.7B fraud total | Lonely individuals, online daters 💔 |
💡 Pro Tip: Monitor your accounts regularly to watch for irregular transactions and take action quickly if you spot any transfers or withdrawals you don’t recognize. Set up two-factor authentication on all accounts and never give out your two-factor authentication codes.
🔒 5. Stop Texting Between iPhone and Android Right Now—Here’s What Actually Keeps You Safe
Texts between an iPhone and iPhone or Android and Android are encrypted, but texts sent between iPhone and Androids don’t have that same automatic encryption, meaning those messages could be intercepted by scammers.
FBI Assistant Special Agent In Charge Jay Patel identified two categories of bad actors: “One would be the financially motivated, loosely organized groups that are here in the U.S. and overseas. And the other would be nation state threat actors that are funded and backed by established governments.”
The FBI also warns that two-factor authentication texts could potentially get stolen because they’re usually not encrypted. Some scammers simply trick you into giving up that information: “A lot of these threat actors use social engineering techniques. So once you get that text message, they’ll say, ‘Hey, you won the lottery. If you could give me that next message that you’re going to see with that number and you respond right away, you will win something,'” explained Patel.
| Messaging Method | Security Level | 💡 FBI Recommendation |
|---|---|---|
| iPhone to iPhone (iMessage) | Encrypted ✅ | Generally safe for routine communication 💙 |
| Android to Android (RCS) | Encrypted ✅ | Generally safe for routine communication 💚 |
| iPhone to Android (SMS) | NOT encrypted ❌ | Switch to Signal, WhatsApp, or Telegram immediately ⚠️ |
| SMS two-factor codes | Vulnerable to interception ❌ | Use authenticator apps or hardware keys instead 🔐 |
💡 Pro Tip: The FBI advises turning off your devices every few weeks and allowing automatic updates on smartphones to patch security vulnerabilities. CISA specifically recommends moving away from SMS-based multi-factor authentication and replacing it with phishing-resistant options like FIDO2-enabled security keys.
📞 6. If You Hear These Words on a Call, Hang Up Immediately—No Exceptions
The FBI issued a warning to hang up if you receive calls where scammers use “spoof” caller ID numbers to masquerade as banks, law enforcement agencies, and even government departments like U.S. Customs and Border Protection.
These calls typically start with urgent claims that your bank account is under attack or that police have a warrant for your arrest. Once victims are on the line, the bad actors pressure them into transferring funds or installing malware on their devices using scare tactics.
Law enforcement agencies from Virginia and New York have reported incidents where people were coerced into handing over money, with scammers even using the real names of police officers or government officials to sound more legitimate.
If you receive calls demanding payment through gift cards, cryptocurrency, or wire transfers, these are almost always scam signals. Real law enforcement agencies never ask for money over the phone this way.
| Scam Call Script | Reality Check | 💡 Your Response |
|---|---|---|
| “Your bank account has been compromised” | Banks don’t call demanding immediate wire transfers | Hang up and call your bank directly 🏦 |
| “There’s a warrant for your arrest” | Police don’t call demanding payment to avoid arrest | Hang up immediately—this is 100% fraud 👮 |
| “Pay with gift cards to resolve this” | No legitimate organization accepts gift card payments | Never buy gift cards for someone you don’t know 🎁 |
| “Don’t tell anyone about this call” | Secrecy demands are hallmarks of fraud | Tell someone you trust immediately 🗣️ |
💡 Pro Tip: The FBI reiterates that if you get a call from someone asking you for money, you should immediately hang up. Don’t press any buttons and don’t hand over any personal information.
🛡️ 7. Your 7-Point Defense Shield Against Every Mobile Scam the FBI Has Identified
Protection requires layered defenses. Based on FBI, FTC, and CISA recommendations, here’s your comprehensive protection strategy:
First, be careful about details you share on social media, including your pet’s name, birthday, date of birth, and information about family members. Sharing this information allows criminals to trick you into giving login credentials or answer security questions.
Second, bookmark the websites of your financial institutions and visit them directly so you never click on a third-party link.
Third, don’t click on any links in, or respond to, unexpected texts. Scammers want you to react quickly, but it’s best to stop and check it out.
Fourth, report and delete unwanted text messages using your phone’s “report junk” option or forward them to 7726 (SPAM).
Fifth, if contacted by someone you know well via a new platform or phone number, verify the new contact information through a previously confirmed platform or trusted source.
Sixth, do not send money, gift cards, cryptocurrency, or other assets to people you do not know or have met only online or over the phone.
Seventh, when in doubt about the authenticity of someone wishing to communicate with you, contact your relevant security officials or the FBI for help.
| Protection Layer | Implementation | 💡 Why It Works |
|---|---|---|
| Encrypted messaging | Download Signal or WhatsApp today | Makes intercepted data unreadable 🔒 |
| Phishing-resistant MFA | Use authenticator apps or hardware keys | Codes can’t be stolen via text interception 🛡️ |
| Family verification system | Establish secret code words | Defeats even perfect voice clones 👨👩👧 |
| Social media hygiene | Remove personal details from public profiles | Eliminates social engineering ammunition 🧹 |
| Direct verification | Always call back on known numbers | Bypasses spoofed caller ID completely ☎️ |
❓ Q: What Should I Do If I Already Clicked a Suspicious Link or Gave Information to Scammers?
Time is critical. The FBI’s Recovery Asset Team works with financial institutions and field offices to facilitate the freezing of funds for victims, but speed matters tremendously.
Immediately contact your bank and all financial institutions involved in any transactions. Request they freeze affected accounts and reverse any unauthorized transfers. The FBI’s Financial Fraud Kill Chain team handled 3,020 asset freeze requests in 2024, freezing $560 million in funds with a 66% recovery success rate.
Within 24 hours, file a complaint at ic3.gov with every detail you can remember—phone numbers, website addresses, transaction amounts, and any correspondence. Include identifying information about the individuals including name, phone number, address, and email address, plus financial transaction information such as dates, payment types, amounts, and account numbers involved.
Change all passwords for any accounts that may have been compromised. Enable two-factor authentication using authenticator apps rather than SMS. Monitor your credit reports for unauthorized accounts.
| Timeframe | Critical Action | 💡 Why Urgency Matters |
|---|---|---|
| Immediately | Contact banks to freeze accounts | Funds can be recovered if caught quickly 💰 |
| Within 24 hours | File IC3 complaint with full details | Enables FBI to track patterns and freeze assets 📋 |
| Within 48 hours | Change all passwords, enable MFA | Prevents secondary account compromises 🔐 |
| Ongoing | Monitor credit reports weekly | Catches identity theft attempts early 📊 |
❓ Q: Are These Scams Really That Different From What We’ve Seen Before?
The scale and sophistication have fundamentally changed. The FBI warns that criminals now exploit generative artificial intelligence to commit fraud on a larger scale, which increases the believability of their schemes and reduces the time and effort criminals must expend to deceive their targets.
AI weaponization has driven a 1,265% surge in phishing emails since the launch of generative AI tools. The use of voice cloning for fraud jumped by over 400% in 2025, and research shows most people struggle to tell a cloned voice from the real thing.
Cybersecurity experts believe that the smishing scam operates as a franchise model, leveraging tool kits from Chinese cybercriminal groups. Cybersecurity firm Zimperium warned that cybercriminals are increasingly adopting a “mobile-first attack strategy” because the convenience of smartphones makes people more likely to click on text messages than emails.
Final Word: Your Phone Is a Doorway—Guard It Like One
Cyber-enabled fraud accounted for nearly 83% of all losses reported to the FBI in 2024, with 333,981 complaints and a staggering $13.7 billion in losses. These aren’t faceless statistics—they represent real people who lost real savings to criminals who continue operating with relative impunity.
The FBI has stated bluntly that voice alone can no longer serve as proof of identity, and AI-generated content has advanced to the point that it is often difficult to identify.
The criminals are sophisticated. They’re funded. They’re patient. But they’re also predictable. Every scam ultimately relies on urgency, emotion, and bypassing your rational judgment. When someone demands immediate action, that’s precisely when you should slow down, verify independently, and refuse to be rushed.
If you have suffered from a cyber-enabled crime, know that you are not alone. The FBI’s IC3 houses over nine million complaints and continues to encourage anyone who thinks they’ve been victimized to file a report, regardless of dollar loss.
Your vigilance protects not just yourself, but everyone the FBI can warn and every criminal operation their data helps dismantle. Stay alert. Stay skeptical. And keep your phone—that powerful computer in your pocket—defended like the valuable target it is.