Smishing and Social Engineering Scam: The Random Text Question

In order to get your personal information, or to install malware or ransomware on your mobile phone, scammers have been using a very simple social engineering smishing scam tactic: acting as an acquaintance, and usually asking you a question! This ruse is easy to create, requires absolutely no advance knowledge of who you are...not even your name, and has a high degree of success because it preys on something normal humans feel the need to do: Respond to a friend, or answer the question.

The random text smishing scam starts with a simple text message or question that comes out of the blue, and appears to come from an acquaintance, often in the form of a question:

"Is there a time you can come to my office today?"

"I'll be in TX in December would you be free to grab a meal together?"

"Sorry to trouble you, but I found your number in my contacts without a name. Who am I speaking to?"

"We haven't had coffee together for a long time"

"Hey, long time so see. :-)"

"I hope my intrusive message didn't bother you. I bet you've forgotten about me, right?"

"G'day! What have you been up to? .o."

"How have you been?"

"Hello, have the high heels I ordered last week arrived?"

Of course, our urge is to respond to it. "Who is this?" or "I am not sure what you mean" would start the interaction with the scammer. But, replying to them a) lets them know that they have a legitimate phone number belonging to someone who answers random texts (great for trying again), and b) gives them a chance to continue the ruse.

The next step they would follow in the scam is to gather any information from you, typically starting with your gender, or where you are located. If you are a woman, they text a picture of a handsome man and ask for one in return, and vice versa. Once they establish a rapport with you, they go in for the kill!

"Hey, I think we went to the same high school! Is this your picture I found in the yearbook? <link to a file>"

Once you click on that link, your device becomes under their control, and is held for ransom. Or, they install tracking software that forwards to them everything you do, such as logging into banks or credit card websites. As they say, "You are now pwned!"*

Hopefully you made a backup of your device recently, or have enough money and trust to pay them what they are asking. Otherwise, you will likely need to start over with a fresh installation of your cell phone software, losing all of your photos, texts, and other cell phone data that is not stored anywhere else.

Learn how you can protect yourself or your family by enrolling in the Complete Internet Security Basics and Phishing Awareness Course for Parents on TrainMyParent.com

Interested in these posts? Sign up and subscribe to our newsletter!

© 2025, TrainMyParent.com. All Rights Reserved.

*The word "pwned" is a reference to an early piece of malware, in which the hacker misspelled the word "owned" in the comments of the code, and has become a general term for when a hacker has beaten you in their game.