Scammers are sending fake reward-points expiration texts to trick consumers into clicking phishing links, according to an FTC alert published April 6, 2026.
Rewards program members are being targeted by phishing texts that impersonate legitimate brands, warning that points are about to expire in order to steal account credentials or personal information.
You receive an unsolicited text message — often appearing to come from an airline, hotel chain, or retail loyalty program you actually belong to. The message creates urgency by claiming your points will disappear unless you act immediately. It looks something like this:
The link leads to a convincing fake login page designed to harvest your username, password, and sometimes payment details. Because you may genuinely be enrolled in a rewards program, the premise feels entirely plausible.
Real loyalty programs do not send urgent same-day expiration warnings via SMS with shortened links. They notify members weeks or months in advance through email and inside their app or web account. The combination of artificial urgency, a shortened or unfamiliar URL, and a request to log in from a text-message link is the giveaway. The hostname on the linked page will almost never match the brand's real domain — look closely at the address bar before you type anything.
Real-time fraud intelligence and free tools related to this topic
ScamRadar · Blog · Scam Database · About