19 Billion Spam Texts a Month. Congress Finally Noticed.

On Wednesday evening, members of Congress sent a letter to AT&T, Verizon, and T-Mobile. Rep. David Schweikert and Sen. Maggie Hassan — one Republican, one Democrat, which tells you how bad things have gotten — addressed it to the people running the largest mobile carriers in the country. The message, paraphrased: your networks are moving 19 billion scam texts a month. Americans lost roughly $200 billion to cyberscams in 2024. What exactly are you doing about it?

The carriers haven't answered yet. Scammers, meanwhile, sent another 19 billion texts.

The Numbers That Actually Got Congress Moving

The Joint Economic Committee's letter, sent May 21, cited a scam crisis that's been compounding for years — and the data is genuinely alarming.

According to RoboKiller, Americans received more than 19 billion spam texts in a single month in 2024. YouMail tracked over 50 billion robocalls in 2025 alone. The FTC reported this week that text has now overtaken phone calls as the #1 way scammers make contact — more than calls, more than email, more than social media.

And the money: roughly $200 billion in total cyberscam losses in 2024, per the committee's own figures. For context, that's more than the GDP of most countries.

The letter from Schweikert and Hassan demanded specifics. They want to know how the carriers collect data on scam activity, how they monitor their own networks for fraud, how they cooperate with law enforcement, and — this is the key one — why so much of the detection burden still falls on the customers.

Here's the thing scammers love about that last part: it falls on you because the carriers haven't fixed it, and they've known about the problem for a long time.

How Text Became the Scammer's Favorite Channel

Phone calls used to be the dominant attack vector. Then the FCC mandated STIR/SHAKEN — a caller ID authentication protocol that made it harder to spoof phone numbers at scale. It wasn't a perfect fix, but it helped. Robocall volumes did drop after implementation.

So scammers moved to text. SMS has no equivalent authentication requirement. There's no "STIR/SHAKEN for texting." Messages can be sent in enormous volumes through legitimate SMS aggregators — services businesses use to send appointment reminders and shipping updates — making fraudulent texts harder to filter without accidentally blocking real ones.

The carriers can and do filter some spam texts. But the financial reality is complicated: SMS revenue flows through some of those same aggregator pipelines. Blocking too aggressively cuts into legitimate business traffic. The FTC and the FCC have pushed for better filtering. The filtering has improved. The volume has still exploded.

So here we are. 19 billion texts a month. Congress writing letters.

The Scam Texts Hitting Hardest Right Now

The FTC's May 2026 report on imposter scams shows which text campaigns are doing the most damage right now.

Toll scams. Government imposter scams are up 40% year-over-year, and toll texts are the biggest driver. You get a text claiming to be from EZPass, SunPass, FasTrak, TxTag, or your regional toll authority. You owe $3.85. Pay now or face late fees and potential license suspension. The urgency is manufactured. The website it links to is not your toll authority. Toll road scam texts are their own operation at this point — there's an entire piece on how to spot them.

Fake delivery notifications. A text from "USPS," "FedEx," or "UPS" says your package has an issue and needs you to verify your address or pay a small redelivery fee. The link goes to a phishing page that captures payment info. The tell is that you're not expecting a package — or you are, but the text arrived before any tracking number appeared in your actual carrier app.

Bank fraud alerts. "Unusual activity on your Chase account. Verify immediately to avoid suspension." The text looks exactly like what Chase actually sends. The number is spoofed. The link is not Chase. If you "verify," you've just handed over your credentials. Call the number on the back of your card instead — that always works.

Job offer texts. The FTC flagged this one in April. A text from an unfamiliar number offers you a remote job with suspiciously good pay for simple tasks. These are task scam setups — the "job" ends with you being asked to buy gift cards or crypto to complete an assignment, which disappears immediately. If you've already engaged with one of these, there's a guide.

QR code traffic violations. A text says you have an unpaid traffic fine and includes a QR code to pay. Scan it and you're on a phishing page. We've got a full breakdown on how those work.

The Red Flags Hiding in Every Scam Text

Scammers got better, which is annoying, because now the messages look legit until the part where they absolutely don't. Here's what to look for.

You didn't initiate anything. Your bank isn't going to randomly text you unless you enrolled in alerts and something actually triggered. Your toll authority isn't monitoring your account in real time. Unexpected outreach is the first flag.

Urgency without a normal path. "Pay in 24 hours or face consequences." Real organizations give you time and clear options. Scammers manufacture panic because panic skips the part where you verify.

The link domain is wrong. The text says it's from SunPass, but the link goes to sunpass-account-verify.top or florida-toll-pay.com. Real services use their own domain. Look before you tap.

They want payment by an unusual method. Gift cards, Zelle, Venmo, wire transfer, or crypto. No legitimate company processes a toll fine by gift card. No real bank asks you to send a wire to "protect your funds." If the payment method is unusual, the whole thing is a scam.

Replying to opt out "confirms" your number. If a scam text offers an opt-out keyword, replying tells the scammer your number is real and actively monitored. That makes your number more valuable to sell to other scam operations, not less. Don't reply.

If You Already Clicked Something

First, stop. Close the browser tab, don't enter any information if you haven't already, and don't call any number the text or page provides.

If you gave information — card number, login credentials, Social Security number, or anything personal — the clock matters. Call your bank and card issuers immediately using the number on the back of your card. Freeze your credit at all three bureaus if the information was sensitive. Change your passwords. Here's the full recovery checklist for what to do after clicking a suspicious link.

Report the text to your carrier by forwarding it to 7726 (SPAM). Report to the FTC at ReportFraud.ftc.gov. Reporting actually matters — the FTC uses these reports to identify patterns and pursue enforcement.

If you're not sure whether a text is real, paste the link into Cautellus before clicking anything. The scanner checks against 770,000+ confirmed malicious domains and will flag phishing infrastructure most people would never recognize from the URL alone.

What You Can Do Right Now (Without Waiting for Congress)

Congress is asking questions. Carriers are being asked to answer them. That process will take months, possibly years, and the letters may not produce much. In the meantime:

Turn on unknown message filtering. On iPhone: Settings → Messages → Filter Unknown Senders. On Android: Messages app → Settings → Spam protection. This doesn't block everything, but it separates unknown contacts from your main message view.

Don't reply to texts you don't recognize. Not even to "STOP." Replying confirms your number is live.

Verify through official channels, not the text. If a text claims to be from your bank, call the number on your card. If it claims to be from a toll authority, log in directly on their official website. The scam falls apart the moment you step outside the environment they built for you.

Trust the carrier app, not the text. For packages, your tracking information lives in the carrier's actual app — USPS, FedEx, UPS — not in unsolicited texts. Same for toll accounts.

Use a scanner before you click anything suspicious. Copy the link, paste it into Cautellus, check it. This takes about 15 seconds and removes almost all risk.

The carriers have infrastructure they haven't fully deployed. Congress is now on record asking why. That's progress, technically. But it's not the same as your phone being safer tomorrow morning. The practical moves above work today.

---

Frequently Asked Questions

Why am I getting so many scam texts all of a sudden?

Text became the #1 scammer contact method because it's cheap, scalable, and harder to authenticate than phone calls. Per RoboKiller, over 19 billion spam texts hit US phones monthly. There's no equivalent of the STIR/SHAKEN caller ID authentication system for SMS, which means filtering is imperfect. The volume has been rising for years — you're noticing it more because the campaigns have gotten more targeted and convincing.

Should I reply STOP to scam texts to unsubscribe?

No. Replying — even with "STOP" — tells the scammer your number is active and monitored. That makes your number more valuable to sell to other scam operations. Ignore unknown texts, report them by forwarding to 7726 (SPAM), and delete. Don't engage.

How do I stop scam texts on my iPhone or Android?

On iPhone: go to Settings → Messages and turn on Filter Unknown Senders. On Android: open the Messages app, go to Settings, and enable Spam Protection. You can also block numbers individually and report texts as junk. Your carrier may also offer a spam filter service — T-Mobile Scam Shield, AT&T ActiveArmor, and Verizon Call Filter all have text protection features.

What do I do if I already clicked a link in a scam text?

Close the page immediately if you haven't entered any information. If you have: call your bank and card issuers using the number on the back of your card, freeze your credit at Equifax, Experian, and TransUnion, change passwords for any accounts that could be affected, and report to the FTC at ReportFraud.ftc.gov. Full recovery steps are at cautellus.com/blog/clicked-scam-link-what-to-do.

Is there a law against scam texts?

Yes — the TRACED Act (2019) required telecom carriers to implement caller ID authentication, but it applies primarily to phone calls, not SMS. The FTC and FCC both have enforcement authority over fraudulent texts under existing consumer protection law, and the FCC has issued rules requiring carriers to block some scam texts. Congress is now pressing carriers for more. The laws exist; enforcement at the scale of the problem is the challenge.

Can my carrier actually block scam texts, or are they just not doing it?

Both, honestly. Carriers do block a significant volume of spam texts — AT&T, Verizon, and T-Mobile all have filtering systems. But SMS fraud often flows through the same legitimate aggregator pipelines that businesses use to send you real appointment reminders and shipping updates. Blanket filtering risks false positives on legitimate traffic. The congressional inquiry is specifically trying to understand what more carriers can do without that collateral damage.

---

Sources: FTC Consumer Alerts May 2026 (consumer.ftc.gov), Washington Post May 21 2026, Washington Times May 21 2026, RoboKiller 2024 spam data, YouMail Robocall Index 2025, Joint Economic Committee press release May 21 2026.