AI Hyper-Personalised Phishing Impersonating Your Mobile Carrier
AI tools generate personalised phishing texts and emails that reference your actual phone plan details, data usage, or loyalty points to make fake account alerts, upgrade offers, or SIM verification requests extremely convincing.
Last reviewed: 8 June 2026
Mobile carriers send a constant stream of legitimate transactional texts and emails — bill notifications, data usage warnings, roaming alerts, and promotional offers — creating a high-traffic channel that AI-assisted phishing can exploit at scale. Criminals who access data broker records or prior breach databases can generate hyper-personalised smishing and phishing that reference your actual plan name, approximate data usage tier, account tenure, or loyalty status.
A generic carrier phishing text says 'Your account requires verification'. An AI-personalised one says 'Your [Plan Name] plan has used 95% of its 10GB allowance. Verify your payment method at the link below to avoid a service interruption.' The latter feels genuinely specific, and the familiar format of carrier usage alerts lowers the instinctive suspicion that should accompany any unsolicited link.
This attack affects customers of every carrier, because each message is personalised to whichever network the victim uses. It is a cross-carrier threat that any mobile subscriber should understand.
How this scam works when impersonating your mobile carrier
The personalised smishing message arrives referencing a real aspect of the victim's phone contract — a plan name, a data tier, or a loyalty reward that is about to expire. The link leads to a page styled to match the carrier's genuine online portal, asking for the account login or payment details to resolve the stated issue.
AI can also personalise timing: a message about a roaming charge is most effective immediately after the victim returns from a trip, which can be inferred from social media check-ins or public travel posts. A message about a contract renewal is most credible when it arrives close to the actual renewal date, inferred from account tenure data.
After credentials are captured, the attacker can initiate account changes — SIM swaps, number ports, or device upgrades — with the authenticated session, combining personalised phishing with account takeover in a single flow.
Common red flags
- A text references your specific plan name or data usage tier but the link it contains goes to a non-carrier domain
- The message claims your account will be suspended or incur charges unless you verify within a short window
- A follow-up call references the same specific plan details and asks for your account PIN or a verification code
- The link in the text uses a URL shortener or a domain that closely mimics your carrier but is not their official site
- The message includes details that seem too specific to be a mass-blast but you did not initiate any account action
- Your account shows login attempts or changes in the account portal after you received the message
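The link and urgency red flags above can be checked mechanically. The following is an added example, not part of the original page: a small Python triage function for one SMS body. The carrier domain `carrier.example`, the shortener list, the urgency phrases and the 0.8 similarity threshold are all assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumptions: placeholder carrier domain; short, non-exhaustive shortener list.
CARRIER_DOMAINS = {"carrier.example"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)
URGENCY_RE = re.compile(
    r"suspend|service interruption|avoid (?:a |extra )?charge"
    r"|within \d+ ?(?:hours?|minutes?)", re.I)

def host_of(url):
    """Return the lower-cased hostname of a URL or bare domain."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def is_carrier_host(host):
    """True only for the official domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in CARRIER_DOMAINS)

def mimics_carrier(host):
    """True if any host label contains or nearly matches the carrier brand."""
    brands = {d.split(".")[0] for d in CARRIER_DOMAINS}
    return any(b in label or SequenceMatcher(None, label, b).ratio() >= 0.8
               for label in re.split(r"[.-]", host) for b in brands)

def triage_sms(text):
    """Return the set of red flags found in one SMS body."""
    flags = set()
    for url in URL_RE.findall(text):
        host = host_of(url)
        if host in SHORTENERS:
            flags.add("url_shortener")
        elif not is_carrier_host(host):
            flags.add("non_carrier_domain")
            if mimics_carrier(host):
                flags.add("lookalike_domain")
    if URGENCY_RE.search(text):
        flags.add("urgency")
    return flags

if __name__ == "__main__":
    # Constructed sample message modelled on the usage-alert wording above.
    sample = ("Your plan has used 95% of its 10GB allowance. Verify your payment "
              "method at https://carrier-example.billing-check.example/verify "
              "to avoid a service interruption.")
    print(sorted(triage_sms(sample)))
```

An empty result does not mean a message is genuine; the function only covers the flags that are visible in the text itself, not the follow-up call or account-activity signs in the list.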
How to protect yourself
- Log in directly to your carrier's official app or website to check any account alerts — never through links in texts
- Forward suspicious carrier-branded texts to 7726 (SPAM) to report smishing to your network
- Enable your carrier's SIM lock or number protection feature to prevent porting even if credentials are captured
- Use an authenticator app for carrier account two-factor authentication instead of SMS alone
- Be sceptical of any text that is unusually specific about your plan or usage — accuracy is not a mark of legitimacy
- Review your carrier account's security settings and notification preferences to ensure you receive all genuine alerts
How to report it
- Forward the smishing text to 7726 and report to your carrier's fraud team via their official website
- Report to the FTC at reportfraud.ftc.gov
- Report to the FCC at consumercomplaints.fcc.gov if the text involved spoofed sender information
- If account changes were made, contact your carrier immediately and request a full account review
Frequently asked questions
How do scammers know my specific phone plan details?
Plan details can appear in data broker profiles assembled from carrier billing history leaks, customer service chat logs exposed in breaches, or from personalised offers you may have posted about on social media. The specificity is designed to disarm your critical response.
Is forwarding to 7726 actually useful?
Yes. 7726 (SPAM) is the universal shortcode for reporting smishing in the UK and US. Carriers use these reports to identify and block smishing campaigns and share data with regulators. It takes seconds and genuinely contributes to reducing the volume of smishing.
My carrier already uses two-factor via text. Isn't that enough protection?
SMS-based two-factor can be intercepted through SIM swap or smishing attacks. An authenticator app-based second factor is more resilient. Enable your carrier's number lock feature as an additional safeguard against SIM swap.