The FTC says some messages claiming loyalty “points are expiring today” are phishing attempts. Victims can be pushed to reveal sensitive personal or financial information or to install harmful software.

The FTC is warning consumers about a surge of text messages that claim loyalty or reward points are expiring “today,” using urgency to drive clicks. In these scams, links or prompts inside the text are designed to move victims to fraudulent pages that can harvest sensitive data—such as Social Security numbers, credit/debit card details, or account credentials. The FTC also cautions that some messages may lead to malware installation rather than legitimate account access. To verify, the FTC recommends not using links embedded in the text. Instead, consumers should open the official loyalty program app or navigate to the company’s website by typing the address directly or using a trusted bookmark. If the text claims a sudden change (like an immediate expiration), take a step back and check for the same notification inside the legitimate app or account dashboard. The key pattern is pressure: “expiring today” and similar language are designed to bypass careful verification. Treat unexpected reward-point alerts as suspicious until confirmed through official channels.