ScamGuard

✉️ SMS Scam Checker

Got a suspicious text? Paste it here. ScamGuard's AI tells you instantly whether it's a courier-fee scam, fake bank alert, tax refund con, or OTP-hijack attempt — and what to do next.

Analyze With ScamGuardRun Deep AI Investigation
Chat with ScamGuard on WhatsApp

We send the text to ScamGuard's AI investigator — verdict (Scam / Suspicious / Safe), red flags and a recommended next step.

What ScamGuard checks for

  • Detects courier, bank, tax, and OTP smishing scripts
  • Expands shortened links and verdicts the destination
  • Looks up the sender number in our database
  • Flags brand-impersonation and sender-ID spoofing
  • Trained on thousands of confirmed smishing samples
  • Free first check, no signup

How this scam works

  1. 1
    Number list acquisition

    Scammers buy or scrape lists of phone numbers — leaked from data breaches, public job-seeker groups, or sequentially dialled.

  2. 2
    Sender-ID spoofing

    Bulk-SMS gateways allow scammers to display almost any sender ID — 'DHL', 'SARS', your bank — even though the actual number is theirs.

  3. 3
    Pretext crafting

    A believable cover story is picked (parcel, refund, fraud alert) and a short SMS is written that creates urgency or curiosity.

  4. 4
    Mass send

    Thousands or millions of identical SMS go out simultaneously. They only need a tiny fraction to click.

  5. 5
    Landing page harvest

    Anyone who clicks lands on a near-perfect lookalike of the legitimate website — bank login, courier portal, tax site — that captures credentials, card data, and any OTPs.

  6. 6
    Cash-out

    Captured details are used immediately (or sold) for unauthorised purchases, account takeover, or fraudulent loans in your name.

⚠️ Red flags and warning signs

  • SMS arrives from a short code or unknown number with a generic greeting
  • Mentions an unexpected refund, fine, or delivery fee
  • Contains a shortened or unfamiliar link (bit.ly, .xyz, .top)
  • Creates urgency: '24 hours', 'final notice', 'account suspended'
  • Asks you to call a number you don't recognise
  • Sender ID is your bank name but the wording feels off
  • Asks you to share a 6-digit verification code
  • Promises a tax refund, prize win, or free phone
  • Multiple identical SMS in quick succession
  • Spelling or grammar mistakes in a 'corporate' message

Real scam examples

The DHL / SAPO / FedEx parcel fee

'Your parcel has been held at customs. Pay R45 / $2.50 / £1.99 fee here: http://dhl-pay.xyz to release delivery.' Couriers never charge customs via an SMS link — the link harvests your card details and 3D Secure OTP.

The bank fraud alert

'BANK ALERT: An unrecognised payment of R8,420 was made on your account. If this was not you, click here to reverse: bnk-reverse.live'. Real bank fraud notifications never include a 'reverse it' link — they tell you to call the number on the back of your card.

The tax refund

'SARS / IRS / HMRC: You are owed a refund of R3,420. Submit your banking details: secure-tax.refund.app'. Tax authorities never request banking details over SMS.

The verification code request

'Your code is 481-203. Do NOT share it with anyone.' Then a separate WhatsApp or call from a 'friend' asks you to forward the code. That's an OTP-hijack attempt — see our WhatsApp verification code scam page.

The 'you won' prize SMS

'Congratulations! You've won a Samsung Galaxy S24. Claim within 24 hours: prize-collect.win'. The page collects personal data and / or a small 'shipping fee' that vanishes into the scammer's wallet.

How to protect yourself

  • Never click links in unexpected SMS — even from 'your bank'
  • Never share OTPs or PINs in response to an SMS
  • Call your bank / courier / tax authority on their official number to verify
  • Block the sender and report to 7726 (SPAM) in most countries
  • Run any suspicious SMS through ScamGuard before responding
  • Treat shortened URLs in SMS as guilty until proven innocent
  • Don't tap 'unsubscribe' — it confirms your number is active
  • Tell elderly relatives to forward every suspicious SMS to you or ScamGuard first

ScamGuard recommendations

Paste the SMS

Use the paste box above for an instant AI verdict on the message.

Check the sender's phone number

Look up the number in ScamGuard's crowdsourced database for past reports.

Phone checker
Check the link in the SMS

Use the phishing-link checker to expand the URL and verdict its destination.

Phishing checker
Scan a screenshot

Send a screenshot of the SMS — our vision AI extracts the sender, link, and red flags automatically.

Screenshot scanner

ScamGuard tools you can use right now

Website Checker

Check any domain before you click.

WhatsApp Scanner

Paste a chat — get a verdict.

Screenshot Scanner

Upload a screenshot of any message.

Reverse Image Scanner

Catch stolen profile photos.

Why SMS phishing has overtaken email phishing

Email phishing matured into a problem that corporate inboxes mostly filter. SMS doesn't have that filter layer — messages land directly on the lockscreen, are read within minutes, and the mobile browser opens links full-screen where small URL differences are invisible. Sender-ID spoofing lets scammers display brand names that consumers trust. And SMS is global: a single campaign can be retargeted across countries with minor language tweaks. The result: SMS scam reports have grown faster than any other channel in the last three years, with global losses now in the tens of billions of dollars annually.

How ScamGuard scores an SMS

We grade messages on five dimensions. (1) Language and intent — script fingerprints, urgency words, false-authority cues, and grammar tells. (2) Sender — number reputation, country code, history of reports. (3) Link — expanded final URL, domain age, hosting, SSL details, and historical phishing reports. (4) Brand impersonation — does the wording impersonate a known brand whose real comms style is different? (5) Cohort — have we seen identical or near-identical SMS reported recently by other users? Each axis contributes to a single confidence-weighted verdict.

Building a household SMS-scam defence

Treat SMS as untrusted by default. Set the rule with everyone in the house: any unexpected SMS asking you to click, pay, call back, or share a code gets forwarded to a trusted family member (or to ScamGuard) before any action. For elderly relatives, install ScamGuard's WhatsApp bot as their default 'first stop' — they can forward anything suspicious and get a verdict back in seconds without learning a new app. For yourself, enable bank app push notifications instead of SMS for transaction alerts (so real alerts come through a verified channel) and turn on a SIM-swap alert with your mobile carrier. Most consumer SMS fraud succeeds because nobody has these basic guardrails — installing them once removes 95% of the risk.

Frequently asked questions

How does the SMS scam checker work?

Paste the full SMS — including any links, phone numbers, or amounts mentioned. ScamGuard's AI compares the wording against thousands of known smishing scripts, checks any URLs or phone numbers against our database, and returns a verdict (Scam / Suspicious / Safe) with the specific red flags it found.

What is smishing?

'Smishing' is SMS-based phishing — fraudulent text messages designed to get you to click a link, call a number, or share information. Common pretexts include bank fraud alerts, courier delivery fees, tax refunds, parcel customs charges, verification codes, and fake job offers.

Why are SMS scams so effective?

SMS feels urgent and trusted. Most people read every text within minutes, links open in the mobile browser where lookalike URLs are harder to spot, and there's no spam folder in most messaging apps. Scammers can also spoof the sender ID to display 'DHL', 'SARS', or your bank's name.

What if the SMS has a shortened link?

Shortened links (bit.ly, t.co, tinyurl, .xyz, .top) in an unsolicited SMS should be treated as guilty until proven innocent. ScamGuard expands the link and checks the final destination against the phishing-link database.

Should I click 'unsubscribe' on a scam SMS?

No. Clicking any link in a scam SMS — including 'unsubscribe' — confirms your number is active and gets you added to higher-value target lists. Just block the sender and delete the message.

What if I already clicked the link?

If you only opened the page and didn't enter anything, you're probably fine — but clear your browser data and watch your accounts for the next 48 hours. If you entered banking, login, or card details, contact your bank immediately and change every password that uses the same details. Open a Deep AI Investigation on ScamGuard to document the incident.

Can I report a scam SMS?

Yes. In the U.S., forward to 7726 (SPAM). In the UK, forward to 7726. In South Africa, forward to your bank's fraud line or report at SAPS. Also paste it into ScamGuard so the sender number and URL are added to the public database.

Is the SMS scam checker free?

Yes — your first check is free with no signup. After that a free account unlocks more checks, and credits are only required for unlimited deep AI investigations and screenshot scans.

Does it detect SIM-swap and OTP-relay scams?

Yes. SMS messages that look like verification codes you didn't request, or messages asking you to forward an OTP, are flagged as high-risk OTP-relay / SIM-swap attempts. See our WhatsApp verification code scam guide for the full playbook.

Related ScamGuard checkers

Phone scam checkerWhatsApp scam checkerWhatsApp job scam checkerWhatsApp verification code scamPhishing link checkerWebsite scam checkerCrypto scam checkerCrypto romance scam checkerPig butchering scam checkerRomance scam detectorFake profile checkerReverse image scam checker

Related articles

Try ScamGuard free

1 free check, no signup needed. Then create an account for unlimited investigations.

Analyze With ScamGuard Run Deep AI Investigation
Analyze With ScamGuard