Can You Get Hacked By Replying To A Text?

Published: October 20, 2023

If you own a phone, you’ve likely regularly received texts from unknown senders alerting you to an impending delivery, a free holiday, or even a mysterious inheritance. All these messages ask is for you to click a link. Sound familiar? Then you know they’re fake.

You’re far from alone in this. In 2022, Americans received over 225 billion robotexts (a “robotext” is an automated text message sent by a computer system or bot), a staggering 2.5x increase from 2021. A study by TrueCaller from the same year found that 85% of respondents had received a robotext in the preceding 12 months.

Thanks to new legislation forcing phone companies to block robocalls, text messages are now one of the most popular methods hackers use to infiltrate smartphones.

Luckily, receiving a text message alone usually isn’t enough for a successful hack. What you do after receiving the message is crucial in determining whether the attack is successful or not.

In this article, we’ll cover how you can be hacked via text and provide practical tips on protecting yourself from unwanted text messages and SMS hacks.

Worried your phone is hacked?

Quickly find and remove cyberthreats today with one of Certo's award-winning apps.

Can Phones Get Hacked from Text Messages?

As mentioned above, you can’t get hacked by simply receiving a text message. The problem comes in when you reply to a text or click on a link it provides. Following a link can allow attackers to hack your phone, and responding to a text can open you up to phishing or social engineering attacks—which we will expand on shortly.

SMS hacks or spam texts typically involve leveraging social engineering techniques to deceive the user into giving out private or personal information. Some more advanced attacks even exploit vulnerabilities in the messaging app or operating system to take complete control of the device.

Example of a fraudulent text message for can you get hacked by replying to a text article

Fig 1. Example of a fraudulent text message.

How Can Your Phone Be Hacked via Text?

SMS phishing (Smishing)

🔺 How it works: Attackers send fraudulent text messages that appear to come from trustworthy online accounts, like banks or legitimate companies.

The message usually prompts the recipient to act by following suspicious links or calling a number.

⚠️ Risk: Once the recipient follows these instructions, they might be directed to malicious websites where they unwittingly provide their sensitive data, login credentials, or banking information to hackers. Alternatively, they could download malware onto their device.

If you’ve followed a suspicious link, don’t worry. Here’s our guide on what to do if you have clicked on a phishing link.

💡 Can You Get Hacked By Replying To A Text?

The short answer is no, just replying to a text will not mean that your device is hacked.

However, we strongly discourage anyone from replying to a spam or fraudulent text message. This could alert the hacker that your device is active and open you up to further attacks.

Malicious links or attachments

🔺 How it works: The text message contains a link or attachment that, when clicked or downloaded, installs malware on the user’s device.

⚠️ Risk: Once installed, this malware can steal sensitive information, monitor user activity, or provide backdoor access to the device.

So, to avoid falling victim, don’t open texts with file attachments, especially from unknown or spam numbers.

A zero-click exploit

🔺How it works: Attackers send specially crafted text messages containing malicious code that exploit vulnerabilities in the messaging app or the device’s operating system.

⚠️Risk: These messages can allow attackers to crash the device or gain unauthorized access without any action from the user. While most require you to click on a link, some exploits are even zero-click, meaning the user doesn’t need to interact with the message for the hacker to access the device.

Messaging apps are often targeted because they receive large amounts of data from unknown sources without requiring action from the target phone. It’s important to note that zero-click hacking is extremely rare and the technology behind these attacks is usually only available to governments.

Identifying Spam Messages

Fraudsters send billions of unsolicited messages each month, hoping that a small percentage of people will respond. And their scams are getting harder and harder to spot.

Now that you understand how you can get hacked by replying (or not!) to a spam text message, here are a few ways to spot suspicious messages:

❗ Unknown sender: If the message is from an unknown number or a short code you don’t recognize, it could be a sign of spam. Be especially cautious if the message urges immediate action or tries to instill a sense of urgency.

❗ Suspicious links: Be wary of any unexpected links in messages. Don’t follow them. Spammers often use shortened URLs to hide the final destination.

❗ Offers that seem too good to be true: If you receive unsolicited offers that seem too good to be true (e.g., winning a lottery you didn’t enter, huge discounts), it’s likely spam.

❗ Requests for personal information: Legitimate organizations usually don’t ask for sensitive information (like passwords, Social Security numbers, or bank account details) via text message. Be suspicious of any message that does.

❗ Grammar and spelling mistakes: Many spam texts, especially those from international sources, contain glaring spelling and grammatical errors.

❗ Instructions to text ‘STOP’ or ‘NO’: While legitimate companies often offer an opt-out option, some spammers use this as a trick to confirm that your number is active.

❗ Random codes: If you didn’t request a code (e.g., for two-factor authentication or a password reset) but received one, someone might be trying to access one of your accounts. Instead of using the code, go directly to the service’s official website or app to check on your account.

How to Protect Your Device From Text Hacking

💡 The Golden Rule: Keep Your Device Updated

Regularly update your device's operating system and messaging apps. Updates often contain security patches for known vulnerabilities that hackers might try to exploit.

➡️ Beware of unknown senders

Receiving spam texts is generally harmless; clicking links in spam text messages is not. It is never a good idea to click on links in text messages from unknown senders.

If you receive a message from a known contact, but the content seems out of character or unexpected, contact them through another method to confirm its legitimacy.

➡️ Don’t reply to scam texts

As mentioned above, spotting malicious texts is easy if you are vigilant.

When you receive a random text from an unknown person, you might be tempted to reply and call them out. Don’t.

Your first defense against spam texts is never to reply to unknown numbers (this applies to phone calls, too!)

Unless you know the sender, texting back can be dangerous, leading to more spam texts or potential scams.

How to block spam texts on Android:

Open the spam text and tap the three dots icon in the top-right corner.
Tap Details.
Tap Block and report spam.

Fig 2. Blocking a caller on Android.

How to block spam texts on an iPhone:

Open the Messages app.
Open a spam text message and tap the name of the sender. Then, tap the info icon at the top of the screen.
Select Block this caller.

Blocking a caller on an iPhone for can you get hacked by replying to a text article

Fig 3. Blocking a caller on an iPhone.

You can also set it up so that it can block spam texts automatically:

Go to your iPhone’s Settings app and tap Messages.
In the Message filtering section, toggle the button for Filter Unknown Senders to on. Any messages you receive from unknown numbers in iMessage or Messages will be collected in a separate list.

➡️ Use a Virtual Private Network (VPN)

A VPN helps to secure your Internet connection and protect the data you send and receive online. We would highly recommend NordVPN

VPNs protect your privacy online by hiding your IP address and encrypting your traffic. This makes it more difficult for third parties to track your online activity and steal your data.

This service is beneficial when using public Wi-Fi networks, which are often unencrypted, making it easy for hackers to gain access to steal your data from your mobile device.

➡️ Install antivirus software

Phone hacking via text message is a problem for users of both iPhone and Android devices. Installing antivirus software is one of the best ways to protect your cell phone.

Security software like Certo AntiSpy for iPhone and Certo Mobile Security for Android helps protect your device by detecting malicious apps and other cyber threats.

Here are some of the key benefits:

✅ Detecting spyware or bugging software on your device.
✅ Analyzing your operating system for signs that it has been compromised.
✅ Removing threats and restoring your privacy.
✅ Identifying which apps have access to your location, camera, etc.

Certo Mobile Security for Android for can you get hacked by replying to a text article

Fig 4. Certo Mobile Security for Android.

➡️ Enable two-factor authentication

Two-factor authentication (2FA) is a security process that requires two different methods to verify a user’s identity. This makes it much more difficult for attackers to access a user’s account, even if they have stolen their password.

2FA works by securing an account with two pieces of information:

✅ Something you know: This is usually a password, PIN, or passphrase.

✅ Something you have: This could be a physical token, such as a security key, or a one-time code generated by a mobile app.

How to set up 2FA on Android:

Go to the Settings app and select Google.
Tap Manage your Google Account.
Tap the Security tab in the navigation panel at the top.
Scroll to the Signing in to Google section.
Press the 2-Step Verification option.
Hit the Get Started button at the bottom of the page.
Enter your password to verify your identity, and tap Next to log in.
Select Text Message under How do you want to get codes?
Enter the verification code you’ve been sent to confirm it works and hit Next.
Press the Turn on button to finalize the process.

How to set up 2FA on an iPhone:

Go to the Settings app and select your name.
Select Sign-In & Security.
Look for Two-Factor Authentication and tap to turn on.

Find out if your phone is hacked

Certo's award-winning spyware detection tools for iPhone and Android are trusted by millions worldwide.

Final Thoughts

So, can you get hacked by replying to a text? The short answer is no.

However, the more significant risk lies in the content of the text. If it contains a link and you follow it, you could inadvertently download malware or be led to a scam site.

Simply responding might not give hackers the keys to your digital kingdom, but it can get you on a spammer’s radar. It’s like opening your door to a stranger—you might just get an annoying sales pitch, but there’s always the risk of something more malicious lurking. So, play it safe: steer clear of engaging with or clicking on anything from numbers you don’t recognize.

Luckily, other ways exist to protect yourself from unsolicited texts and phone calls.

These include:

✅ Being vigilant and understanding the telltale signs a message is malicious.

✅ Ignoring spam texts and blocking them.

✅ Using a VPN and activating 2FA on your devices.

✅ Installing an antivirus like Certo AntiSpy for iPhones and Certo Mobile Security for Android devices to stay ahead of scammers.