
Your phone buzzes. The number looks local. Maybe it's a doctor's office, a school, a neighbor. You answer, and a robotic voice tells you your Social Security number has been suspended.
That moment of doubt, that split-second where you don't know what's real, is what scammers are selling. And business is booming.
In 2025, U.S. consumers received 52.5 billion robocalls, according to the YouMail Robocall Index. Text scams separately cost Americans $470 million in 2024, more than five times what was reported in 2020, per the FTC. These aren't annoyances. They're a sophisticated criminal industry, and every year it gets harder to tell the real from the fake.
This guide covers everything: how spam calls and robocalls work, the psychology behind why they're so effective, who gets targeted, the complete taxonomy of scam types, and, most importantly, how to protect yourself and your family starting today.
The terms get used interchangeably, but they're not the same thing. Here's the distinction.
Spam calls are any unsolicited, unwanted phone calls, whether from a live person or an automated system. The category is broad: it includes aggressive legitimate telemarketing, political calls, and outright criminal fraud.
Robocalls are a subset: calls made using an automated dialer that delivers a pre-recorded message. Some robocalls are legal: appointment reminders from your doctor, school closings, political campaign calls. But the vast majority of robocalls consumers receive are illegal, fraudulent, or both.
SMS scams (smishing) are the text-message cousin of robocalls. "Smishing" combines "SMS" and "phishing." Instead of a voice call, scammers send texts that appear to come from a trusted source, a bank, a shipping carrier, the IRS, to trick you into clicking a link or calling a number.
What unites all three: they exploit the trust you naturally place in your own phone. Your phone is the device you use for your bank, your family, your doctor. Scammers know that, and they design every message to exploit that trust at the moment you're least expecting it.
Understanding the mechanics demystifies the problem, and helps you recognize attacks when they happen.
Traditional phone calls cost real money per minute. VoIP, Voice over Internet Protocol, sends audio as internet data. The result: a call that once cost dollars costs fractions of a cent. A scammer with a basic VoIP setup and a list of numbers can blast millions of calls per day for less than the cost of a Netflix subscription.
That's why volume is staggering. There's no economic floor holding it back.
When a call shows "Unknown Number," most people don't answer. So scammers spoof: they falsify the caller ID information transmitted to your phone. The FCC defines spoofing as when a caller "deliberately falsifies the information transmitted to your caller ID display to disguise their identity."
Two tactics dominate:
Spoofing is technically easy because the older phone network infrastructure was designed for trust, not verification. The system was never built to ask, "Is this really who they say it is?"
In response to the spoofing epidemic, the FCC mandated STIR/SHAKEN, a caller ID authentication framework that requires major carriers to verify and digitally "sign" calls passing through their networks. The name stands for Secure Telephone Identity Revisited / Signature-based Handling of Asserted information using toKENs.
Here's the honest truth about STIR/SHAKEN: it helps, but it's not a solution. The framework verifies that a call actually originated from the number it claims, but, as a December 2025 Federal Register rulemaking made explicit, STIR/SHAKEN "does not require the provider to verify any caller identity information the caller provides." In other words, it can confirm the call came from a specific VoIP account, not that the person behind that account isn't a criminal.
Gaps also remain in coverage: older non-IP telephone networks are exempt, and not all smaller carriers have fully implemented the standard. The FCC proposed new rules in 2025 to close those gaps, but full implementation is still years away.
This is where it gets genuinely alarming. AI can now clone a person's voice from as little as a few seconds of audio: a clip from a social media post, a voicemail, a YouTube video. That cloned voice can be used to make a call appear to come from your child, your parent, or your CEO.
On February 8, 2024, the FCC unanimously ruled that AI-generated voices in robocalls are "artificial" under the Telephone Consumer Protection Act, making them explicitly illegal. But illegal doesn't mean gone. The FTC has warned consumers that scammers are actively using AI voice tools for "grandparent scams", impersonating a grandchild in distress to trigger an emergency money transfer.
In 2024, Americans over 60 lost nearly $4.9 billion to cybercrime, a 43% jump from the prior year, per the FBI's Internet Crime Complaint Center, with AI-driven fraud among the fastest-growing categories.
The financial numbers are staggering, but they only tell part of the story.
Beyond the dollars: there's the communication breakdown. Spam calls have made millions of Americans afraid to answer their own phones. Legitimate calls get ignored. Doctors, schools, and employers can't reach people. The scam industrial complex doesn't just steal money; it erodes the basic utility of telephone communication.
There's also a shame and stigma problem. Many victims never report losses because they feel embarrassed. The FTC estimates only a fraction of fraud is ever reported, which means every number above is almost certainly an undercount.
The common assumption is that phone scams primarily victimize older adults who aren't tech-savvy. The data tells a more complicated and troubling story.
Truecaller's 2024 report found that adults aged 18 to 44 are three times more at risk of being scammed than older adults. The reason isn't naivety; it's exposure and volume. Younger adults conduct more of their lives on their phones, engage with more unknown numbers for work or gig jobs, and are more likely to click a link in a text without thinking twice.
Seniors, however, still experience the highest per-incident losses. They're targeted by more sophisticated schemes and are less likely to have someone to call to verify a situation before responding.
This finding deserves direct acknowledgment. Truecaller's data showed:
These aren't random patterns. Scammers identify which demographics are more likely to have certain fears or vulnerabilities, and they design campaigns around those specific pressure points.
Robocall complaint rates are highest (per 100,000 residents) in states including Nevada, Illinois, Florida, Delaware, Ohio, Arizona, and North Carolina, based on FTC Do Not Call Registry complaint data. Volume tracks with population density and also correlates with the concentration of seniors in certain states.
The scale of the overall problem: 56.2 million U.S. adults were impacted by spam and scam calls in 2023, per Truecaller. That's roughly one in six Americans.
The FCC's 2025 top robocall complaint list and broader industry reporting reveal consistent patterns. Here are the major categories.
The top category by FCC complaint volume in 2025. Calls claim to offer student loan forgiveness, mortgage relief, or credit card interest rate reductions. They create urgency around programs that are "expiring", and ultimately ask for personal financial information or upfront fees.
Fake health insurance offers, fake Medicare enrollment calls (especially during open enrollment periods), and bogus prescription assistance programs. Seniors are disproportionately targeted. These calls often collect Social Security numbers under the guise of "verifying eligibility."
Calls impersonating the IRS, Social Security Administration, FTC, or local police. The script is familiar: your Social Security number has been "suspended," there's a warrant out for your arrest, or you owe back taxes that must be paid immediately. Real government agencies do not call threatening immediate arrest or demanding payment by gift card.
Calls claiming to be from your bank, offering to lower your credit card interest rate or alerting you to suspicious activity. The goal is to get your full card number, security code, and billing ZIP, either directly or by transferring you to a "specialist."
A warning appears on your computer (or is described to you over the phone) claiming it's infected with a virus. The caller, posing as Microsoft or Apple support, asks for remote access to your device. Once in, they may install malware, steal data, or demand payment to "fix" a problem that didn't exist.
One of the most complained-about categories for years. Calls claiming your vehicle warranty is about to expire push you toward a fake service contract. They often know your car's make and model from public records, which makes them sound unnervingly real.
A caller uses a cloned AI voice of a grandchild saying "Grandma, I'm in trouble. I was in an accident and I need money right now, but please don't tell Mom." A "lawyer" or "police officer" quickly takes the call to collect payment. The FCC has issued specific alerts on this evolving scam type.
Text scams have exploded. Robotexts have nearly tripled since 2021, growing from roughly 7 billion to an estimated 19 billion annually by 2024. Here are the top categories from the FTC's 2025 data spotlight on 2024 text scams.
You get a text from "USPS," "FedEx," or "UPS" saying your package couldn't be delivered: click this link to reschedule. The USPS Postal Inspection Service has issued repeated warnings about this scam. The link leads to a phishing page designed to steal your name, address, and credit card information.
A text from what looks like your bank warns of suspicious activity and urges you to "verify" your account immediately. The link takes you to a near-perfect replica of your bank's login page. Enter your credentials and you've just handed them to a thief.
This scam surged sharply in 2024 and 2025. You receive a text claiming you have an outstanding toll balance that must be paid within 24 hours or face a fine. Scammers have impersonated EZPass, SunPass, and regional toll authorities. The FBI and FTC both issued alerts about this specific scheme.
"We came across your profile and think you'd be a great fit for a high-paying remote position." The job is real-sounding, the pay is attractive, and eventually you're asked to pay for "training materials," "equipment," or a "background check." The job was never real.
Fake notifications claiming you're eligible for a stimulus payment, SNAP benefits, or IRS refund, with a link to "claim" them. These texts often spike after real government relief programs are in the news.
These disproportionately target younger adults and, per Truecaller, Hispanic Americans specifically. Texts claim to offer loan forgiveness or restructuring, and ask for Federal Student Aid login credentials or Social Security numbers.
Scammers are sophisticated, but they rely on predictable psychological levers. Know what to look for.
Urgency and threats. "Act now or your account will be closed." "You'll be arrested if you don't call back within 24 hours." Manufactured urgency shuts down rational thinking. That's the whole point.
Unusual payment demands. Gift cards. Wire transfers. Cryptocurrency. Zelle. Venmo. Legitimate businesses and government agencies do not accept payment this way. If someone is asking you to pay with a gift card, it's a scam. Full stop.
Requests for personal information you didn't initiate. If you didn't start the conversation, you shouldn't be handing over your Social Security number, bank account number, or date of birth.
A too-perfect story. A caller who knows your name, your car's make and model, or even your address sounds more credible. That information often comes from data brokers, prior data breaches, or public records. It doesn't make the call legitimate.
The AI-perfect voice. A voice that sounds eerily natural, doesn't respond normally to off-script questions, or lags slightly before responding could be AI-generated.
Unsolicited links in texts. Legitimate companies don't ask you to log in, verify your account, or make a payment via an unsolicited text link. If you're concerned about your bank account or a delivery, go directly to the institution's official website.
Government threats via phone. The IRS doesn't call threatening arrest. Social Security doesn't suspend your number over the phone. The FTC doesn't demand gift card payments. If the "government" is calling you with an ultimatum, hang up.
Every major U.S. carrier offers some form of spam call protection. Use it. It costs nothing.
Carrier tools use network-level data. Third-party apps go further:
Guardio is rolling out its own scam call protection, bringing the same real-time scam detection it uses to flag dangerous links and sites to the calls that reach your phone. That means one connected layer of defense across the web, your inbox, and your phone.
You don't need an app to add a basic filter layer:
Visit DoNotCall.gov to register your number. This stops legitimate telemarketers, and helps you recognize that any telemarketing call you receive after registering is illegal. It won't stop criminal scammers (they ignore the law), but it reduces the total noise.
Reporting matters. It builds the datasets regulators use to investigate and prosecute scammers. Here's where to report, and what to report where.
One important note: when you report to the FTC, you don't get an individual response or investigation, but your report is added to a database that analysts use to identify patterns and bring enforcement actions. Each report counts.
Phone fraud isn't unregulated; it's just hard to regulate. Here's the legal framework that governs this space and where the gaps remain.
The TRACED Act is particularly significant: it allows civil penalties of up to $10,000 per call for intentional violations. The FTC has brought over 150 enforcement actions against robocallers and their facilitators.
The honest challenge: most of the worst actors operate from outside the U.S., routing calls through foreign VoIP providers and jurisdictions where U.S. laws don't reach. Technology is advancing faster than international enforcement cooperation.
The trajectory is clear, and it's not encouraging without the right response.
Scammers are trading volume for precision. Instead of blasting millions of generic "your warranty is expiring" calls, they're shifting to AI-powered, personalized attacks. Fewer calls, higher success rates. The Truecaller 2024 report documented a move "away from large-scale robocall campaigns to more sophisticated, AI-driven spearfishing attacks that are highly targeted and contextually relevant."
The tools enabling this are cheap, widely available, and improving constantly. Voice cloning that required studio equipment five years ago can now be done with a free online tool and a 10-second audio clip. Scammers who used to run call centers are now running AI inference servers.
On the regulatory side, the FCC's 2025 rulemaking on Advanced Methods to Target and Eliminate Robocalls signals that policymakers understand the gaps, particularly around non-IP networks and the limits of STIR/SHAKEN's identity verification. Whether enforcement keeps pace with innovation remains the open question.
For individuals, the bottom line is this: no single tool solves the problem. The best protection is layered: carrier-level blocking, third-party apps, built-in phone filters, and enough awareness to pause before acting on any unexpected call or text that creates urgency or asks for money or information.
Your phone is your most personal device. It deserves a layer of protection that matches how central it is to your life.
It reduces calls from legitimate telemarketers who comply with the law, but it has almost no effect on criminal scammers who ignore regulations. Registering is still worth doing; it helps you recognize that any telemarketing call you receive afterward is illegal, but it won't stop the bulk of the problem.
Generally yes, answering alone doesn't cause harm. But pressing buttons, speaking, or providing any information can confirm your number is active, increase future call volume, or put you in conversation with a live scammer. The safest approach is to let unknown calls go to voicemail.
Yes. Modern AI voice cloning tools can generate a convincing replica from just a few seconds of audio, the kind you might have on social media, YouTube, or even a public voicemail greeting. The FCC has explicitly warned about this and banned AI-generated voice robocalls, but the technology is freely available.
Act quickly. If you gave financial account information, contact your bank immediately. If you gave your Social Security number, place a fraud alert or credit freeze with the three major credit bureaus (Equifax, Experian, TransUnion). Report the incident to the FTC at ReportFraud.ftc.gov. If you transferred money, report to both the FTC and your bank; some transfers can be reversed if caught early enough.
That's "neighbor spoofing": scammers deliberately spoof numbers that match your local area code and prefix because people are far more likely to answer a call that looks local. It costs nothing extra for them to spoof any number they choose.
Yes, but you should never click a link in a text that asks you to log in or verify your account. If your bank sends you a text alert about suspicious activity, go directly to your bank's official website or call the number on the back of your card to verify. Legitimate bank texts typically only notify you of activity; they don't ask you to click a link to log in.
Smishing combines "SMS" and "phishing." It refers to scam attempts delivered via text message rather than a phone call. Smishing texts typically impersonate a trusted brand (a bank, shipping company, or government agency) and include a link to a fake website designed to steal your information.
Forward the text to 7726 (SPAM). This works on all major U.S. carriers and reports the message for investigation. You can also report it to the FTC at ReportFraud.ftc.gov. Then delete the message and block the number.
