Why You Should Never Reply "STOP" to Spam

You’ve seen it a hundred times. A text message from an unknown number: “Your USPS package is delayed, update delivery here” or “Your account has been suspended, verify now.” At the bottom, in small print, it says: “Reply STOP to opt out.” Your first instinct might be to do exactly that—block the sender and move on. But that reflex is exactly what scammers are counting on. Replying “STOP” to spam texts does not unsubscribe you from messages. Instead, it confirms to fraudsters that your phone number is active, attached to a living, breathing human who responds to prompts. That one reply can double or triple the volume of malicious texts you receive, and in some cases, it opens the door to more aggressive scams like smishing attacks.

Smishing—a blend of SMS and phishing—is a form of cyberattack where criminals send text messages designed to trick you into clicking a link, downloading malware, or handing over personal information. These messages often impersonate trusted organizations: banks, shipping companies, the IRS, or even your own mobile carrier. The “STOP” option is a deliberate trap. Legitimate businesses that you have an existing relationship with will always have a verifiable opt-out process, often through a dedicated customer service line or a preference center on their official website. A random text from a number you don’t recognize, urging you to reply “STOP,” is almost certainly a scammer’s test. When your phone pings back, your number is flagged as “live” and sold to other criminals in bulk. Within days, you may start receiving fake charity appeals, loan offers, or even extortion threats.

The danger extends beyond irritation. Once scammers know you’re reachable, they may target you with what’s called a “number spoofing” attack. They clone your phone number and use it to scam your contacts, making it look like you are the one sending malicious links. Or they may use the information you inadvertently provided—like your name or city from that fake delivery text—to craft a convincing phishing message that appears to come from your bank. The goal is always the same: get you to engage. Engagement is the victory condition for a smisher. Whether you reply with “STOP,” “YES,” “NO,” or “HELP,” you are giving them what they want.

So what should you do instead? The answer is simple and costs you nothing: do not reply at all. Do not click any links. Do not call any phone numbers listed in the message. Delete the text immediately. If the message claims to be from a company you actually do business with, contact that company through a phone number or website you already know is legitimate—never through the information in the suspicious text. For example, if you receive a message saying your bank account is locked, open your banking app directly or call the number on the back of your debit card. Do not use the link or number in the text.

Block the sender’s phone number through your phone’s settings. On most smartphones, you can also report the message as spam to your carrier. On iPhones, you can report iMessage spam by tapping “Report Junk” under the message. On Android, long-press the message and select “Block & report spam.” This helps your carrier identify and filter similar messages in the future. Do not be fooled by messages that appear to come from a short code (a five- or six-digit number) or from a number that looks like your own area code—scammers can spoof those too. You can also forward the suspicious text to 7726 (SPAM) on most US carriers, which alerts your provider’s anti-spam system.

You may wonder about legitimate marketing texts. A real business that you have opted into—like your pharmacy’s prescription alerts or a store’s sale notifications—will always have a lawful unsubscribe process that works. In the United States, the Telephone Consumer Protection Act (TCPA) and the CAN-SPAM Act require that commercial messages include a clear, working opt-out mechanism. But that mechanism is tied to your specific account, not to a random text with no account information. If you reply “STOP” to a one-off message that doesn’t include your name or account number, you are not unsubscribing from anything—you are signaling to a criminal that there is a mark on the other end.

A final point. Middle-class Americans aged 45–64 are prime targets for smishing because they often have established credit, savings, and a history of online shopping. Scammers know this. They work methodically. One reply of “STOP” can lead to a cascade of more targeted messages—fake IRS threats, fake Amazon order confirmations, fake Netflix password resets. Each one has a higher chance of landing because you already proved you were paying attention. Your best defense is a low threshold for suspicion: if you didn’t ask for the message, don’t touch it. No reply, no click, no call. Just delete and block. Protecting yourself from smishing is not complicated—it just requires breaking the habit of wanting to “do something” about an unwanted text. Sometimes the most powerful action is inaction.