Semi-related to your third point, I do not trust a text message from a company that does not use the shortened phone number system that was popularized by Twilio. It's the easiest way to detect phishing attempts because scammers don't use those.
Why wouldn't you? Anyone and their mother could get a long code number from Twilio for $1/mo, without any kind of verification or KYC process.
Meanwhile, a short code would run you $4500 for three months (IIRC, memory is fuzzy, and it's probably changed), and you had to go through an approval process with all the mobile carriers (that is, Verizon, T-Mobile, etc. had to individually approve the short code) where you explained your use case and promised not to spam.
(Obviously things are different now with the campaign registration and approvals requires even for long code numbers. But short codes are still harder to get, and the approvals more rigorous.)
