RCS Abuse
Misuse of Rich Communication Services — the next-generation SMS standard — to send highly convincing phishing messages with interactive buttons, images, and verified branding.
Also known as: RCS phishing, Rich Communication Services fraud, RCS smishing
Last reviewed: 10 June 2026
Rich Communication Services (RCS) is the protocol designed to replace traditional SMS with app-like messaging features: high-resolution images, read receipts, group chats, and interactive action buttons. Google Messages and many Android devices now use RCS by default. Scammers have begun exploiting these capabilities to craft phishing messages that look and feel far more convincing than plain-text SMS: a package-tracking scam delivered via RCS can include a brand logo, a shipping progress graphic, and a 'Track Now' button, all within a native-looking chat interface.
The verification system that is supposed to distinguish legitimate business senders from fraudsters has gaps. In some deployments, an unverified sender can still use rich formatting, and the sender-verification checkmark can be confused with general message delivered indicators by inexperienced users. Carrier-level filtering for RCS fraud lags behind SMS filtering, partly because the protocol is newer.
Consumers should apply the same scepticism to RCS messages as to email: unexpected delivery alerts, prize notifications, and urgent account warnings should be verified through the official website rather than through any link or button in the message itself.