Crash Course: Spam Text Messages, Fraud and TCPA Compliance

Smartphone with a spam alert message

It’s a truth universally acknowledged that spam messages are annoying. It doesn’t matter if it’s a phone call, an email or a text blast, because the result is the same: spam wastes your time.

If you’re a consumer, receiving a robocall is disruptive and frustrating. As a business, even inadvertently spamming customers can hurt your marketing efforts.

So, how can we optimize the communication experience between businesses and customers? How can we keep texting a high-priority medium?

Understanding what does and does not constitute as spam can help.

Please note: These are guidelines to act as a crash course and are not meant to be taken as legal advice.

Spam communication

The Telephone Consumer Protection Act (TCPA) has strict rules regarding phone calls that are administered by the Federal Communications Commission (FCC). The FCC reported that unwanted calls, both illegal and spoofed robocalls, are their top consumer complaint and protection priority.

But what does that mean for texting?

Business texting falls under the TCPA. It’s subject to the same regulations to protect consumers from things like invasions of privacy and scams.

While less common than robocalls (predicted to make up nearly half of all phone calls by 2020), spam text messages do exist. And they’re just as frustrating for consumers.

What is spam text messaging?

Generally speaking, spam text messages are unwanted, unsolicited and unhelpful. These are the sort of messages that make the recipient wonder how the sender even got their number.

Spam texts could be part of a business’ legitimate marketing blast where they’re trying to reach as many customers as possible with a promotion. Or they may be the equivalent of email’s “junk” mail.

One of the most important distinctions about spam messaging relies on user consent. Did the recipient consent to be texted by the business? Can they easily opt-out of the messages and have that choice be honored?

Spam vs. fraud

While not all spam is fraud, fraudulent messages do fall under the category of spam messaging in that they’re unwanted, unhelpful and unsolicited. Text scams can be very dangerous when the sender uses deception to try and obtain personal information from consumers.

Fraudulent text messages and phone calls can provide opportunities for identity theft, malware, etc.

Our phones are personal and can hold a ton of sensitive information, from passwords and application data to our contacts and personally identifiable information. Phones, especially smartphones, are so connected to our lives that they’ve become a target for hackers and scammers.

Communications scams are nothing new. American consumers are becoming jaded with the rise of robocalls. We’ve heard the chipper saleswoman trying to get us to enter personal information for a fake cruise or the intense automated voice falsely claiming legal action on behalf of the IRS if we don’t enter our details through the phone now. Most of us have learned to just hang up and move on with our day.

Scams have polluted and cluttered email inboxes and voicemails, and text messaging isn’t immune to abuse, either.

There’s even a term the FCC uses for communications scams sent to people via text. They call it smishing, which stands for SMS + phishing.

Red flags for potential spam and fraud messages

Some common patterns of spam and scam messages are:

  • An unknown, unrecognized contact number. The sender may pretend to be a well-known company or agency, but the phone number and URL will not match the legitimate domain.
  • Shortened URLs (such as,, shorturl.xx, etc.) are typically scam links, as most large and reputable businesses do not use these free shorteners.
  • The text offers a random promotional deal, but you never signed up to receive texts from that business.
  • Asking for personal information such as account details, passwords and social security numbers.
  • The text requires you to click a link or download an image.
  • The text message doesn’t use the same natural language you’d have when texting a friend.

Spam text message examples

Spam text messages can take many forms but here are few commonly used formats to look out for:

Spam text message example with suspicious link for promo deal
If you’ve never interacted with this company this could be spam. If you’ve done business with them, but never consented to their texts then it still could be classified as spam. In this example, the company sounds fake. The unrecognized phone number and mismatched website do not point to legitimacy.

It’s highly likely that the link provided in the text is meant to phish data and personal information from the recipient who clicks it.

Spam text message claiming fines on account to scam recipient
This is probably not the kind of text you would receive from the company or agency that manages your account. It’s an unrecognized phone number, vague and impersonal, and the recipient only has the option to proceed by clicking an unknown link.

It’s probably spam, and an attempt to scam the receiver out of personal information.

Spam text message with a suspicious link to download image preview of package delivery
Unless you’ve opted-in for texts from a delivery company or business (and you’re expecting a package), this is probably spam. Plus, the requirement to download an image onto your phone or click a shortened URL to see the photo is a common way for scammers to install malware or obtain data from recipients who click the link.

Spam text message falsely claiming to be Chase Bank with suspicious link to check accounts
This is an example of a sender falsely claiming to be a member of a well-known company or agency, much like the IRS telephone scam, in order to obtain the recipient’s account details.

If you actually had an account with the bank, they would likely message you from a recognized number or through a separate app. A reputable company, agency or institution typically won’t use shortened URLs.

Spam texting vs. spam email

Texting is different from email in both its use and reception.

  • Texting is a high priority medium. It’s more personal, opened more often and has a faster response rate than email. Plus, there’s no junk folder.
  • Recipients are charged for the mobile data used to receive a text, as opposed to emails sent over the internet. Texts are not generally as high volume as emails, but this cost difference can make spam text messages especially frustrating.
  • Text messaging is more protected from spam by mobile carriers, software providers and FCC regulations than the average email inbox. Plus, smartphones are getting smarter in efforts to alert consumers of potential robocalls.

Texting is part of the future. If businesses want to keep it as a strategy that can beat out email and phone calls for customer responsiveness, then there’s a responsibility to keep the medium from being inundated with spam.

With great power comes great responsibility, and we have some best practices to help businesses text responsibly.

Best practices for TCPA compliance

No matter what texting tool you decide to use, complying with the TCPA involves two key parts: consent and opt-in/opt-out choices.


Consumers must consent to be texted by your business before you text them.

There are a few ways this can happen, and different communication purposes require different levels of consent. For example, there could be implied consent if the consumer texts your business first and is awaiting a response. They could also express consent to be texted over a text, a form they’ve filled out, verbally or through your website. Or they could have expressed written consent by signing a form or checking a box that allows promotional content through texting.

Many businesses include a “double opt-in” when the consent or information was received from a phone call or web form. Not only does this confirm the recipient’s consent to text messages, it also confirms that the phone number they entered is legitimate and correct.

The option to text a business should be just that: an option. It’s a benefit for the consumer and a modern feature meant to make their lives easier. Texting should not be required to do business or receive pertinent information, otherwise it’s not really an opt-in.


A consumer opts in when they give consent to be texted. However, under the TCPA they are fully within their rights to withdraw that consent and “opt-out” at any time. If you can unsubscribe from email newsletters or put your phone on a Do Not Call Registry, you need to be able to cut off unwanted or unsolicited texts, too.

The opt-out/opt-in feature must work correctly and be honored by any texting tool or technology. Generally, the consumer texts STOP to end communication or UNSTOP to resume. The keywords are not case sensitive, and they’re only “triggered” when sent out as a single word, without leading spaces or punctuation.

It’s best practice to include these opt-out messages (explicitly stating that the customer can reply STOP to cease communication) every three to five messages sent.

It’s also a good idea to have the opt-out function supported on both the network and platform level, so that it’s handled automatically. That way, there’s no room for human error or filing mistakes and the opt-out decision can be honored.

Best practices to keep your business texts valuable

You’ve done your homework. You’ve received consumer consent, they’ve opted-in, and you’re ready to start texting. How can you keep your messages helpful, wanted and valuable?

Texting is a potent medium, so it needs to be used strategically. Here are a few best practices to help you make business texting a key feature of your customer experience.

Have a purpose when texting your customers

There are many scenarios in two-way business texting, from troubleshooting to rescheduling. But overall, we’ve found three common types of text messaging:

  • Informational messages are quick, and often automated with dynamic fields, to remind customers about appointments, due dates, package deliveries, etc. They don’t usually require a response, but the customer could text back if they needed to reschedule.
  • Conversational texts are usually initiated by the customer. This is where two-way texting can shine and allow the business to answer questions or respond to issues without needing to pass the customer off to a different medium or department.
  • Promotional texts are marketing deals, digital coupons and, as the name implies, sales promotions. They can be useful for customers who want to know about the best deals instantly instead of sifting through their email inbox.

Keep it professional, but text like a real person

Since texting is a high-priority medium with no junk folder, it’s important to keep messages short and sweet. You don’t want to overdo it in your text message marketing. No one wants to be bombarded with texts or be messaged at 3 a.m. from a business, even if they are legitimate promos.

A recognizable, 10-digit phone number can even have an advantage over short codes when it comes to text message marketing. While short codes specialize in high throughput messages, they can be disregarded as automated messages. Meanwhile, a “real” phone number signals to consumers that it’s a real business with humans somewhere on the other side of the screen.

A 10-digit phone number is like your real estate or web domain. It adds to your brand recognition and value, so being able to text from your existing landline can skip the hurdles of explaining to customers that you have a new number for texting. Plus, keeping the same number makes it even easier to market your texting capabilities.

However, it’s still best to introduce yourself with your name and company to give the recipient context and avoid confusion. We introduce ourselves in emails and phone calls, so why not texting? It’s easy with features like automated signatures, and it’s polite.

Business texting has its own etiquette and its own guidelines. While texting is conversational, and more casual, teams still need to be professional when communicating with customers. We cover tips like introducing yourself, sticking to regular business hours of 9 a.m. to 5 p.m. for texting customers and more in our free e-book, The Ultimate Guide to Texting Your Customers.

The Zipwhip benefit

Texting is the most effective way to communicate with customers and we here at Zipwhip want to keep business texting as a powerful medium. The consumer responsiveness in texting should be a benefit, not a liability for spammers who want to take advantage of the growing technology.

That’s why we made sure to ingrain TCPA compliance into our software and include state-of-the-art data encryption to secure customers’ sensitive information both in transit and in the archives.

Plus, our direct partnerships with carriers helps us block spam and monitor phishing attempts to better protect your customers on a network and platform level.

Want to see these Zipwhip benefits in action? Try us out with a free trial!

To learn more:

For a deeper dive into spam and scams, check out our podcast episode where host Scott Heimes discusses compliance in the world of business texting with Zipwhip’s senior message deliverability and fraud analyst Carter Harris.

We also made a free TCPA e-book for you to download and keep as a guide. It covers some of our best practices in business texting to help you stay compliant.

Stop by our Resource Center for on-demand webinars. In our June webinar, How to Minimize Legal Risk When Texting Customers, Zipwhip’s Chief Technology Officer, James Lapic, and telecommunications lawyer Steve Augustino discussed the ins and outs of TCPA.

Share on facebook
Share on linkedin
Share on twitter
Share on email

Start texting today with a free trial of Zipwhip