Home
Blog
The Complete Guide to Spam Calls, Robocalls, and SMS Scams

The Complete Guide to Spam Calls, Robocalls, and SMS Scams

Reviewed by
Table of Contents

Key Takeaways

Introduction

Your phone buzzes. The number looks local. Maybe it's a doctor's office, a school, a neighbor. You answer, and a robotic voice tells you your Social Security number has been suspended.

That moment of doubt, that split-second where you don't know what's real, is what scammers are selling. And business is booming.

In 2025, U.S. consumers received 52.5 billion robocalls, according to the YouMail Robocall Index. Text scams separately cost Americans $470 million in 2024, more than five times what was reported in 2020, per the FTC. These aren't annoyances. They're a sophisticated criminal industry, and every year it gets harder to tell the real from the fake.

This guide covers everything: how spam calls and robocalls work, the psychology behind why they're so effective, who gets targeted, the complete taxonomy of scam types, and, most importantly, how to protect yourself and your family starting today.

What are spam calls, robocalls, and SMS scams?

The terms get used interchangeably, but they're not the same thing. Here's the distinction.

Spam calls are any unsolicited, unwanted phone calls, whether from a live person or an automated system. The category is broad: it includes aggressive legitimate telemarketing, political calls, and outright criminal fraud.

Robocalls are a subset: calls made using an automated dialer that delivers a pre-recorded message. Some robocalls are legal: appointment reminders from your doctor, school closings, political campaign calls. But the vast majority of robocalls consumers receive are illegal, fraudulent, or both.

SMS scams (smishing) are the text-message cousin of robocalls. "Smishing" combines "SMS" and "phishing." Instead of a voice call, scammers send texts that appear to come from a trusted source, a bank, a shipping carrier, the IRS, to trick you into clicking a link or calling a number.

What unites all three: they exploit the trust you naturally place in your own phone. Your phone is the device you use for your bank, your family, your doctor. Scammers know that, and they design every message to exploit that trust at the moment you're least expecting it.

How robocalls actually work

Understanding the mechanics demystifies the problem, and helps you recognize attacks when they happen.

VoIP: why 52 billion calls cost almost nothing

Traditional phone calls cost real money per minute. VoIP, Voice over Internet Protocol, sends audio as internet data. The result: a call that once cost dollars costs fractions of a cent. A scammer with a basic VoIP setup and a list of numbers can blast millions of calls per day for less than the cost of a Netflix subscription.

That's why volume is staggering. There's no economic floor holding it back.

Caller ID spoofing: making your neighbor call you

When a call shows "Unknown Number," most people don't answer. So scammers spoof: they falsify the caller ID information transmitted to your phone. The FCC defines spoofing as when a caller "deliberately falsifies the information transmitted to your caller ID display to disguise their identity."

Two tactics dominate:

  • Neighbor spoofing: The call displays a number with your local area code and prefix, making it look like it's coming from someone in your neighborhood. You're far more likely to pick up.
  • Impersonation spoofing: The call appears to come from a legitimate institution: your bank, the Social Security Administration, even the IRS.

Spoofing is technically easy because the older phone network infrastructure was designed for trust, not verification. The system was never built to ask, "Is this really who they say it is?"

STIR/SHAKEN: the partial fix that didn't fix everything

In response to the spoofing epidemic, the FCC mandated STIR/SHAKEN, a caller ID authentication framework that requires major carriers to verify and digitally "sign" calls passing through their networks. The name stands for Secure Telephone Identity Revisited / Signature-based Handling of Asserted information using toKENs.

Here's the honest truth about STIR/SHAKEN: it helps, but it's not a solution. The framework verifies that a call actually originated from the number it claims, but, as a December 2025 Federal Register rulemaking made explicit, STIR/SHAKEN "does not require the provider to verify any caller identity information the caller provides." In other words, it can confirm the call came from a specific VoIP account, not that the person behind that account isn't a criminal.

Gaps also remain in coverage: older non-IP telephone networks are exempt, and not all smaller carriers have fully implemented the standard. The FCC proposed new rules in 2025 to close those gaps, but full implementation is still years away.

AI voice cloning: the new frontier

This is where it gets genuinely alarming. AI can now clone a person's voice from as little as a few seconds of audio: a clip from a social media post, a voicemail, a YouTube video. That cloned voice can be used to make a call appear to come from your child, your parent, or your CEO.

On February 8, 2024, the FCC unanimously ruled that AI-generated voices in robocalls are "artificial" under the Telephone Consumer Protection Act, making them explicitly illegal. But illegal doesn't mean gone. The FTC has warned consumers that scammers are actively using AI voice tools for "grandparent scams", impersonating a grandchild in distress to trigger an emergency money transfer.

In 2024, Americans over 60 lost nearly $4.9 billion to cybercrime, a 43% jump from the prior year, per the FBI's Internet Crime Complaint Center, with AI-driven fraud among the fastest-growing categories.

The true cost: financial and psychological

The financial numbers are staggering, but they only tell part of the story.

What the data says

  • $12.5 billion in total fraud losses in 2024, a 25% increase over 2023, the largest single-year jump on record, per the FTC's Consumer Sentinel Network Data Book.
  • $470 million lost specifically to text message scams in 2024, five times the 2020 level, per the FTC.
  • The percentage of fraud reporters who actually lost money jumped from 27% in 2023 to 38% in 2024, meaning scammers are closing more "deals" per contact. The calls aren't just more numerous. They're more effective.
  • Victims of scam calls lost an average of $3,690 in the first half of 2025 alone, per US PIRG.
  • Across all phone-related scams, Truecaller's 2024 U.S. Spam & Scam Report, conducted with The Harris Poll, estimated total annual losses at$25.4 billion.
  • Zoom out and the true scale is far larger: Americans lose an estimated $119 billion a year to online scams overall once unreported losses are counted, roughly seven times what was reported to the FBI, per the Consumer Federation of America.

The cost you can't count

Beyond the dollars: there's the communication breakdown. Spam calls have made millions of Americans afraid to answer their own phones. Legitimate calls get ignored. Doctors, schools, and employers can't reach people. The scam industrial complex doesn't just steal money; it erodes the basic utility of telephone communication.

There's also a shame and stigma problem. Many victims never report losses because they feel embarrassed. The FTC estimates only a fraction of fraud is ever reported, which means every number above is almost certainly an undercount.

Who gets targeted

The common assumption is that phone scams primarily victimize older adults who aren't tech-savvy. The data tells a more complicated and troubling story.

Younger adults are more at risk than you think

Truecaller's 2024 report found that adults aged 18 to 44 are three times more at risk of being scammed than older adults. The reason isn't naivety; it's exposure and volume. Younger adults conduct more of their lives on their phones, engage with more unknown numbers for work or gig jobs, and are more likely to click a link in a text without thinking twice.

Seniors, however, still experience the highest per-incident losses. They're targeted by more sophisticated schemes and are less likely to have someone to call to verify a situation before responding.

Racial disparities in targeting

This finding deserves direct acknowledgment. Truecaller's data showed:

  • Black Americans (39%) were targeted and lost money at more than twice the rate of White Americans (15%).
  • Hispanic Americans (30%) faced the same disparity, with scams particularly targeting student loan relief and immigration-adjacent themes.

These aren't random patterns. Scammers identify which demographics are more likely to have certain fears or vulnerabilities, and they design campaigns around those specific pressure points.

The geography of scam calls

Robocall complaint rates are highest (per 100,000 residents) in states including Nevada, Illinois, Florida, Delaware, Ohio, Arizona, and North Carolina, based on FTC Do Not Call Registry complaint data. Volume tracks with population density and also correlates with the concentration of seniors in certain states.

The scale of the overall problem: 56.2 million U.S. adults were impacted by spam and scam calls in 2023, per Truecaller. That's roughly one in six Americans.

Types of robocall scams

The FCC's 2025 top robocall complaint list and broader industry reporting reveal consistent patterns. Here are the major categories.

1. Debt relief and loan assistance

The top category by FCC complaint volume in 2025. Calls claim to offer student loan forgiveness, mortgage relief, or credit card interest rate reductions. They create urgency around programs that are "expiring", and ultimately ask for personal financial information or upfront fees.

2. Insurance and healthcare scams

Fake health insurance offers, fake Medicare enrollment calls (especially during open enrollment periods), and bogus prescription assistance programs. Seniors are disproportionately targeted. These calls often collect Social Security numbers under the guise of "verifying eligibility."

3. Government impersonation

Calls impersonating the IRS, Social Security Administration, FTC, or local police. The script is familiar: your Social Security number has been "suspended," there's a warrant out for your arrest, or you owe back taxes that must be paid immediately. Real government agencies do not call threatening immediate arrest or demanding payment by gift card.

4. Credit card and financial fraud

Calls claiming to be from your bank, offering to lower your credit card interest rate or alerting you to suspicious activity. The goal is to get your full card number, security code, and billing ZIP, either directly or by transferring you to a "specialist."

5. Tech support scams

A warning appears on your computer (or is described to you over the phone) claiming it's infected with a virus. The caller, posing as Microsoft or Apple support, asks for remote access to your device. Once in, they may install malware, steal data, or demand payment to "fix" a problem that didn't exist.

6. Extended auto warranty calls

One of the most complained-about categories for years. Calls claiming your vehicle warranty is about to expire push you toward a fake service contract. They often know your car's make and model from public records, which makes them sound unnervingly real.

7. AI-powered grandparent scams

A caller uses a cloned AI voice of a grandchild saying "Grandma, I'm in trouble. I was in an accident and I need money right now, but please don't tell Mom." A "lawyer" or "police officer" quickly takes the call to collect payment. The FCC has issued specific alerts on this evolving scam type.

Types of SMS and smishing scams

Text scams have exploded. Robotexts have nearly tripled since 2021, growing from roughly 7 billion to an estimated 19 billion annually by 2024. Here are the top categories from the FTC's 2025 data spotlight on 2024 text scams.

1. Fake package delivery notifications

You get a text from "USPS," "FedEx," or "UPS" saying your package couldn't be delivered: click this link to reschedule. The USPS Postal Inspection Service has issued repeated warnings about this scam. The link leads to a phishing page designed to steal your name, address, and credit card information.

2. Fake bank fraud alerts

A text from what looks like your bank warns of suspicious activity and urges you to "verify" your account immediately. The link takes you to a near-perfect replica of your bank's login page. Enter your credentials and you've just handed them to a thief.

3. Unpaid toll notices

This scam surged sharply in 2024 and 2025. You receive a text claiming you have an outstanding toll balance that must be paid within 24 hours or face a fine. Scammers have impersonated EZPass, SunPass, and regional toll authorities. The FBI and FTC both issued alerts about this specific scheme.

4. Phony job offers

"We came across your profile and think you'd be a great fit for a high-paying remote position." The job is real-sounding, the pay is attractive, and eventually you're asked to pay for "training materials," "equipment," or a "background check." The job was never real.

5. Government benefit texts

Fake notifications claiming you're eligible for a stimulus payment, SNAP benefits, or IRS refund, with a link to "claim" them. These texts often spike after real government relief programs are in the news.

6. Student loan relief scams

These disproportionately target younger adults and, per Truecaller, Hispanic Americans specifically. Texts claim to offer loan forgiveness or restructuring, and ask for Federal Student Aid login credentials or Social Security numbers.

How to spot a scam call or text: the red flags

Scammers are sophisticated, but they rely on predictable psychological levers. Know what to look for.

Urgency and threats. "Act now or your account will be closed." "You'll be arrested if you don't call back within 24 hours." Manufactured urgency shuts down rational thinking. That's the whole point.

Unusual payment demands. Gift cards. Wire transfers. Cryptocurrency. Zelle. Venmo. Legitimate businesses and government agencies do not accept payment this way. If someone is asking you to pay with a gift card, it's a scam. Full stop.

Requests for personal information you didn't initiate. If you didn't start the conversation, you shouldn't be handing over your Social Security number, bank account number, or date of birth.

A too-perfect story. A caller who knows your name, your car's make and model, or even your address sounds more credible. That information often comes from data brokers, prior data breaches, or public records. It doesn't make the call legitimate.

The AI-perfect voice. A voice that sounds eerily natural, doesn't respond normally to off-script questions, or lags slightly before responding could be AI-generated.

Unsolicited links in texts. Legitimate companies don't ask you to log in, verify your account, or make a payment via an unsolicited text link. If you're concerned about your bank account or a delivery, go directly to the institution's official website.

Government threats via phone. The IRS doesn't call threatening arrest. Social Security doesn't suspend your number over the phone. The FTC doesn't demand gift card payments. If the "government" is calling you with an ultimatum, hang up.

How to protect yourself: practical steps that actually work

Use your carrier's free tools

Every major U.S. carrier offers some form of spam call protection. Use it. It costs nothing.

Carrier Free Tool Paid Upgrade
T-Mobile Scam Shield app (blocks, flags calls) Scam Shield Premium
AT&T ActiveArmor (auto-blocks fraud calls) ActiveArmor Advanced
Verizon Call Filter (spam detection + blocking) Call Filter Plus
U.S. Cellular Call Guardian N/A

Add a third-party call blocker

Carrier tools use network-level data. Third-party apps go further:

  • Real-time screening: every incoming call is checked against large, continuously updated databases of known scam and spam numbers, then labeled or silenced before your phone rings.
  • Spoof detection: unfamiliar numbers are flagged and neighbor-spoofing patterns identified, so a local-looking number that is really a scammer still gets caught.
  • Custom lists: build personal allow and block lists, and route suspected spam straight to voicemail.

Guardio is rolling out its own scam call protection, bringing the same real-time scam detection it uses to flag dangerous links and sites to the calls that reach your phone. That means one connected layer of defense across the web, your inbox, and your phone.

Use your phone's built-in features

You don't need an app to add a basic filter layer:

  • iPhone: Go to Settings > Phone > "Silence Unknown Callers." Calls from numbers not in your contacts, recent calls, or Siri Suggestions go straight to voicemail.
  • Android (Google Phone app): Enable "Filter spam calls" under Settings > Spam and Call Screen.

Register with the Do Not Call Registry

Visit DoNotCall.gov to register your number. This stops legitimate telemarketers, and helps you recognize that any telemarketing call you receive after registering is illegal. It won't stop criminal scammers (they ignore the law), but it reduces the total noise.

For text scams

  • Never click a link in an unexpected text, even if the sender looks familiar.
  • Forward suspected spam texts to 7726 (SPAM). It reports directly to your carrier.
  • Delete and block the number. Do not respond, even to say "STOP." Responding confirms your number is active.
  • If you're unsure about a delivery or bank alert, go directly to the company's official website, never through the link in the text.
  • On iPhone, turn on Guardio's scam text filtering. It automatically sorts suspected scam and spam texts out of your main inbox, so dangerous messages are flagged before you tap them.

Smart behavioral habits

  • Let unknown calls go to voicemail. Legitimate callers leave messages. Scammers almost never do.
  • Never call back an unknown number that hung up immediately. This can be a "one-ring scam" designed to get you to call a premium-rate number.
  • Don't press "1" to be removed from a list. It confirms your number is live and often increases call volume.
  • Verify independently. If someone calls claiming to be your bank, hang up and call the number on the back of your card.
  • Create a family code word. Against the grandparent scam specifically: agree on a safe word that only real family members would know.

How to report spam calls and texts

Reporting matters. It builds the datasets regulators use to investigate and prosecute scammers. Here's where to report, and what to report where.

Where to Report What to Report How
FTC: ReportFraud.ftc.gov Any phone scam or financial fraud Online at ReportFraud.ftc.gov
FCC: consumercomplaints.fcc.gov Illegal robocalls, spoofed numbers, Do Not Call violations Online complaint portal
DoNotCall.gov Unwanted telemarketing calls Register your number; file complaints
Your carrier Spam texts, spoofed calls Forward texts to 7726; call customer service
FBI IC3: ic3.gov Internet crime, large financial losses Online at ic3.gov
AARP Fraud Watch Network Elder fraud, scams targeting seniors 1-877-908-3360

One important note: when you report to the FTC, you don't get an individual response or investigation, but your report is added to a database that analysts use to identify patterns and bring enforcement actions. Each report counts.

The regulatory landscape

Phone fraud isn't unregulated; it's just hard to regulate. Here's the legal framework that governs this space and where the gaps remain.

Law / Regulation Year What It Does
TCPA (Telephone Consumer Protection Act) 1991 Restricts automated calls and texts; requires prior written consent from the recipient
National Do Not Call Registry 2003 Created the opt-out list for consumers; illegal telemarketers ignore it
TRACED Act 2019 Expanded FCC enforcement authority; allowed up to $10,000 per-call penalties for intentional violations; mandated STIR/SHAKEN
STIR/SHAKEN mandate 2021 Required major carriers to implement caller ID authentication
FCC AI Robocall Ruling Feb 2024 Declared AI-generated voices in robocalls explicitly "artificial" under TCPA, making them illegal without prior consent
FCC Advanced Methods NPRM Dec 2025 Proposed new rules to close non-IP network gaps in STIR/SHAKEN and tighten carrier compliance

The TRACED Act is particularly significant: it allows civil penalties of up to $10,000 per call for intentional violations. The FTC has brought over 150 enforcement actions against robocallers and their facilitators.

The honest challenge: most of the worst actors operate from outside the U.S., routing calls through foreign VoIP providers and jurisdictions where U.S. laws don't reach. Technology is advancing faster than international enforcement cooperation.

What's next: AI escalation and the road ahead

The trajectory is clear, and it's not encouraging without the right response.

Scammers are trading volume for precision. Instead of blasting millions of generic "your warranty is expiring" calls, they're shifting to AI-powered, personalized attacks. Fewer calls, higher success rates. The Truecaller 2024 report documented a move "away from large-scale robocall campaigns to more sophisticated, AI-driven spearfishing attacks that are highly targeted and contextually relevant."

The tools enabling this are cheap, widely available, and improving constantly. Voice cloning that required studio equipment five years ago can now be done with a free online tool and a 10-second audio clip. Scammers who used to run call centers are now running AI inference servers.

On the regulatory side, the FCC's 2025 rulemaking on Advanced Methods to Target and Eliminate Robocalls signals that policymakers understand the gaps, particularly around non-IP networks and the limits of STIR/SHAKEN's identity verification. Whether enforcement keeps pace with innovation remains the open question.

For individuals, the bottom line is this: no single tool solves the problem. The best protection is layered: carrier-level blocking, third-party apps, built-in phone filters, and enough awareness to pause before acting on any unexpected call or text that creates urgency or asks for money or information.

Your phone is your most personal device. It deserves a layer of protection that matches how central it is to your life.

CMS-based CTA:
Smart protection, built for how you live online
Stay ahead of threats with real-time insights and proactive protection.
Add Guardio to BrowserTake Security Quiz
Default CTA:
Smart protection, built for how you live online
Stay ahead of threats with real-time insights and proactive protection.
Add Guardio to BrowserTake Security Quiz
CMS-based "Did you know?" block
Did you know?
Default "Did you know?" block
Did you know?

Make sure you have a personal safety plan in place. If you believe someone is stalking you online and may be putting you at risk of harm, don’t remove suspicious apps or confront the stalker without a plan. The Coalition Against Stalkerware provides a list of resources for anyone dealing with online stalking, monitoring, and harassment.

Guardio Security Team
Guardio’s Security Team researches and exposes cyber threats, keeping millions of users safe online. Their findings have been featured by Fox News, The Washington Post, Bleeping Computer, and The Hacker News, making the web safer — one threat at a time.
Tips from the expert

Related articles

FAQs

Does the Do Not Call Registry actually stop spam calls?

It reduces calls from legitimate telemarketers who comply with the law, but it has almost no effect on criminal scammers who ignore regulations. Registering is still worth doing; it helps you recognize that any telemarketing call you receive afterward is illegal, but it won't stop the bulk of the problem.

Is it safe to answer a robocall?

Generally yes, answering alone doesn't cause harm. But pressing buttons, speaking, or providing any information can confirm your number is active, increase future call volume, or put you in conversation with a live scammer. The safest approach is to let unknown calls go to voicemail.

Can scammers really use my voice to clone it?

Yes. Modern AI voice cloning tools can generate a convincing replica from just a few seconds of audio, the kind you might have on social media, YouTube, or even a public voicemail greeting. The FCC has explicitly warned about this and banned AI-generated voice robocalls, but the technology is freely available.

What should I do if I've already given a scammer my information?

Act quickly. If you gave financial account information, contact your bank immediately. If you gave your Social Security number, place a fraud alert or credit freeze with the three major credit bureaus (Equifax, Experian, TransUnion). Report the incident to the FTC at ReportFraud.ftc.gov. If you transferred money, report to both the FTC and your bank; some transfers can be reversed if caught early enough.

Why do spam calls always seem to come from my local area code?

That's "neighbor spoofing": scammers deliberately spoof numbers that match your local area code and prefix because people are far more likely to answer a call that looks local. It costs nothing extra for them to spoof any number they choose.

Are text messages from my bank ever legitimate?

Yes, but you should never click a link in a text that asks you to log in or verify your account. If your bank sends you a text alert about suspicious activity, go directly to your bank's official website or call the number on the back of your card to verify. Legitimate bank texts typically only notify you of activity; they don't ask you to click a link to log in.

What is smishing?

Smishing combines "SMS" and "phishing." It refers to scam attempts delivered via text message rather than a phone call. Smishing texts typically impersonate a trusted brand (a bank, shipping company, or government agency) and include a link to a fake website designed to steal your information.

How do I report a spam text?

Forward the text to 7726 (SPAM). This works on all major U.S. carriers and reports the message for investigation. You can also report it to the FTC at ReportFraud.ftc.gov. Then delete the message and block the number.

Table of Contents
Can You Spot a Scam Text Message?
Test your skills and learn how to protect yourself from online scams.
Take the quiz now
Can You Spot a Scam Text Message?
Test your skills and learn how to protect yourself from online scams.
Take the quiz now