Phishing text messages are crucial for every business to be aware of, regardless of the size of your company. That is because falling for phishing texts can put your company at risk of your private information being shared or the private information of your customers being shared.

Because of the risks of these messages, it is crucial that all business owners learn to spot them as well as how to report phishing texts, including where to report phishing texts. You will also want to make sure that all of your employees understand how to do the same. 

What are phishing messages?

The term phishing refers to a social engineering attack where a cybercriminal tries to steal credit card numbers, login credentials, or other private details. Phishing messages can come through either email or text messages, but this guide will focus on text messages.

In a phishing attempt, the cybercriminal pretends to be a trusted entity, such as a bank, client, or employee. The phishing messages try to get the recipient to open the message and click on a link.

Some phishing attempts just directly request information under the pretense that they are trusted. An example would be someone posing as your bank asking for your account number or even your PIN.

Phishing with links is much more likely. The link will sometimes take recipients to a website that looks official but isn’t in hopes that they enter their login credentials. It may also simply automatically download malware or ransomware.

The following is an example of a phishing email.

Phishing attack example - Phishing email

When they target individuals, phishing texts can lead to theft, unauthorized purchases, or identity theft. It can be an even more serious concern for businesses, especially larger ones. Phishing attempts commonly target larger corporations in hopes that they gain access to the entire network or secured data. Remember that a suspicious email or text could also install malware on the network. 

Even smaller businesses are at risk, especially because cybercriminals know they may not have an excellent cybersecurity budget. 

How are phishing messages different than spam text messages?

Both spam and phishing texts are annoying, but they are very different. Spam simply wants to get your attention, while phishing aims to steal information or login credentials.

Essentially, a spam message is simply very aggressive and not always legal marketing. By contrast, phishing is never legal and tries to get access to sensitive information. You can think of spam messages as a pesky nuisance or fake text messages, but most spam texts are not a security risk. 

How to spot a suspicious text message step-by-step

Before you can learn how to report phishing texts, you need to learn how to spot them. This involves looking out for warning signs that an email may not be legitimate. The nice thing about this process is that you do not necessarily need to complete the steps in any order. You should be cautious about any of the following warning signs.

phishing email tactics

Step 1 – Check if the message demands urgent action

You should always be suspicious if a message says that you need to act right away, or you will face the consequences. This tactic aims to ensure that the target does not have any time to process the likely attack.

So, if you receive a text that says you must take urgent action, take a few seconds to breathe. Then, contact the institution that claims to be sending the message via the method you usually use. Don’t reply to the text.

Step 2 – Check if the message has poor spelling and grammar

Another strong indication that you may soon be looking up where to report phishing texts is if the message features poor spelling and grammar. Yes, spelling and grammar tend to be laxer in text messages than emails or written correspondence, but there are still social norms. This is especially true in business. As such, an unwanted text message with poor grammar is easily classified as a suspicious message.

Step 3 – Check if the number or link looks odd

If you get a text message from someone or an organization and don’t recognize the number, be suspicious. The same would be true if you get a text from a number with an unusual area code. You may also notice something odd about the link. Remember that legitimate companies will have a legitimate domain that is spelled correctly. 

Step 4 – Check if the message uses odd phrasing

Depending on who you send and receive texts from, you expect a certain type of language to be used. If the text uses phrases that the sender would not use, you should be suspicious and get ready to look at reporting phishing text messages.

Step 5 – Check if the message requests sensitive data

Perhaps phishing texts’ most significant warning sign is if the message requests sensitive information, such as payment information or login credentials. While there are legitimate methods of paying via text, those will always make it clear that they are legitimate. You will also remember signing up for them.

Step 6 – Check Whether the Message Is Personalized

Most companies today, likely including yours, take the time to personalize messages. Instead of saying, “Dear customer,” they will say, “Dear [your name].” If they use a more generic greeting, you should at least be somewhat suspicious. 

How to report phishing texts step-by-step

Now that you know how to spot phishing messages, you need to learn how to report phishing texts. As a note, you can also follow similar steps to report spam text messages. 

Step 1 – Contact the “sender”

The first step of reporting phishing text messages lets you not only report it but also confirm that it is a phishing attempt. This involves contacting the person or organization that supposedly sent the text to see if they did. If you noticed the signs mentioned earlier, they likely didn’t.

Your warning may give the “sender” the chance to warn other contacts of potential phishing attacks. It will also let them know that they should check their cybersecurity. You can typically directly contact their fraud department to do this. 

Step 2 – Forward the message to the FTC

The FTC makes it incredibly straightforward to learn how to report phishing texts. If you know how to forward a text message, you know how to report one.

Just forward the text to SPAM (7726). The FTC will review the forwarded messages. 

Step 3 – Report it on the FTC website

After you forward the message to the FTC, you should also report it online. The FTC has a Report Fraud website that is the official answer of where to report phishing texts or emails.

Step 4 – Check your security and information safety

Part of reporting phishing text messages also means ensuring that your information is safe. If you accidentally responded to a phishing attempt, there are a few things to do.

Start by updating your security software across all of your devices. If you think the scammers got any of your personal information, report it at

Step 5 – Report it to Google

Google also encourages you to report phishing to them, although this feature is more oriented toward email– and web-based phishing than text-based phishing. Even so, it can be an excellent step to take.

Step 6 – Report it to US-CERT and

Another optional step is to report the phishing message to US-CERT, which works with the Anti-Phishing Working Group (APWG). However, as with Google, this focuses more on phishing URLs and emails than texts.

You can also report it to via their page for reporting scams and frauds. 

The impact of phishing messages on local businesses


There are no positive impacts of phishing messages on local businesses, as they threaten the security and privacy of those businesses. 

That being said, being aware of how to spot and how to report phishing texts is very important for businesses. Simply being aware of how to spot these threats makes you significantly less susceptible to them. 

Doing your part and following through on how to report phishing texts helps protect you and everyone else from the threat. 


There are significant cons to phishing. 

Phishing can lead to financial loss for you as an individual or for your business. It can compromise your personal information, putting you at risk of identity theft. 

It can also compromise the data on your clients or customers, putting them at risk of identity theft. In that situation, you may even be liable if the phishing occurred because you didn’t have proper security measures in place. 

Phishing can compromise your crucial login details. In the best-case scenario, this just requires you to change all of your passwords. It is more likely, however, that you will lose money or that data will be compromised. 

As mentioned, phishing can also leave your entire company’s network vulnerable if it provides access and involves downloading malware or ransomware. 


Phishing texts can put your company, your personal data, and the data of your customers at severe financial risk. The good news is that you can spot many phishing scams with a bit of caution and common sense. Once you notice one, it is best to follow through on the above steps on how to report phishing texts, as this protects others as well as yourself and your business. 

Isaiah Rendorio
Isaiah Rendorio Product Marketing Manager, Campaigns

Isaiah Rendorio is the Product Marketing Manager for Podium Campaigns—helping local businesses tap into the power of SMS marketing to strengthen customer relationships, increase customer lifetime value, and drive more revenue.

Adapt the way you do business. Press send.