Delete These Texts—Just 24 Hours To Hack Your Phone (2025)

The dangerous email and text threat campaigns making headlines this year are designed to trick you into clicking a link that will steal your credentials or install malware on your device. Some of those links are in an email or text or social media post and some are in an attachment. Others may be disguised behind an image or QR code. The demand for devious domains to successfully trick users has never been higher.

ForbesNSA Warning—Have Your Message Settings Changed?By Zak Doffman

DomainTools has just warned that "the sheer volume of newly observed domains in 2024 was over 106 million — approximately 289,000 daily creating a significant challenge for security teams." The report shares many “worldwide publicly reported malicious domains and the global scale of all newly observed domains of that year.”

But even more alarming than the scale of this attack industry is the rapidity with which it moves. DomainTools CISO Daniel Schwalbe tells me “the common cradle-to-grave life cycle of a malicious domain is 24 hours.” That means it all has to happen in a single day before the link stops working. Below are typical keywords for links to malware that have just that day to hack your phone or phishing sites to steal your credentials.

No sooner have users hit the scam button or reported the malicious message link, than the scammers are unwrapping another new domain that won’t yet be on any filter list. This is yet another reason Apple and Google and telco networks are under fire for a seeming inability to cut off these text scams that helped drive U.S. losses from such frauds up 33% to more than $16 billion last year.

The FBI warns users to delete all so-called smishing texts from your phone. These are texts containing the malicious domains that lead to malware, credential harvesting, even identity theft. It’s fueled by Chinese organized criminal gangs that operate on an industrial scale. And it will soon evolve from undelivered packages and unpaid tools to sophisticated financial campaigns mimicking your bank or credit card provider.

“The fact there are almost 1,500 top level domains active on the internet right now,” Schwalbe warns “is both a blessing and a curse. Threat actors are certainly capitalizing on the opportunity to either get very cheap domains, or register domain names that impersonate legitimate businesses and organizations under lesser known TLDs.”

Not only are these unlimited domains cleverly crafted, but new tricks are coming into play as well. This week, Group-IB warned that it has “uncovered an ongoing phishing campaign impersonating toll road services, using Google AMP links and browser fingerprinting to evade detection.” In these new attacks, “scammers leverage trusted platforms like Google AMP to mask phishing URLs, redirecting victims through legitimate domains to evade detection and abuse user trust.”

DomainTools says it compared 106 million newly observed domains from 2024 against a reference set of 395,000 known malicious domains… utilized by both nation-state sponsored Advanced Persistent Threat (APT) groups and cybercrime operations."

“This report is not just about identifying bad actors in 2024,” Schwalbe says. “We want the community to look at this like a blueprint. We are providing analysis on Domain intelligence to enhance our fellow defenders’ ability to identify risky Domains and proactively mitigate threats to help make the Internet a safer place for everyone.”

ForbesWhy You Should Never Call These Numbers On Your PhoneBy Zak Doffman

The advice is clear. Do not engage with any text that contains a lure from a well-known brand or organization and a link. Do not click any links or open any attachments. Delete all such texts from your phone immediately. You cannot beat these scammers. You need to go back to basics and adopt a zero tolerance, absolutist approach to staying safe.