Understanding modern scams
Online scams have evolved into a highly organized, multi-billion-dollar industry. Instead of the obvious, poorly written messages of the past, today’s scammers use sophisticated psychological triggers and tech—like AI-generated text and hijacked branding—to blend right into your daily digital life.
Try the AdButter extension to contribute to the scam-fighting community.
The most common scams generally group into four primary categories based on where you encounter them.
The Scam Overview
1. Text Messages (Smishing)
Because people check their text messages quickly, texts are heavily exploited for scams requiring immediate action.
- The “Accidental” Friend: A text starts with something casual, like “Hey Sarah, are we still meeting for coffee?” When you reply that they have the wrong number, they use it as an opening to strike up a friendly conversation. This is the starting point for “pig-butchering” financial grooming schemes, where they eventually trick you into investing in fake cryptocurrency platforms over several weeks.
- Package & Delivery Deadlines: A message claiming a package from USPS, FedEx, or UPS cannot be delivered due to an “incomplete address” or unpaid customs fee. The link takes you to a cloned website designed to steal your credit card details.
- Expiring Rewards Points: Texts claiming your loyalty or credit card rewards points are about to expire, forcing you to log into a fake portal to “redeem” them.
2. Advertisements
Scammers pay for ad placement on legitimate platforms to exploit the implicit trust you have in search engines and social feeds.
- Search Engine Poisoning: When you search for customer service numbers (like for an airline, tech support, or a utility company), the top sponsored ad results are often set up by scammers. Clicking them connects you to fake call centers that demand payment or remote access to your computer to “fix” an issue.
- Deepfake Endorsements: Video ads on social media showing highly realistic, AI-generated footage of celebrities or political figures endorsing get-rich-quick schemes, fake government grants, or specific stock investments.
- Bait-and-Switch E-Commerce: Ads featuring high-quality videos of innovative products at impossible discounts. Buying from the ad results in your financial info being compromised, receiving a cheap counterfeit, or getting nothing at all.
3. Emails (Phishing)
Email scams remain incredibly prevalent, but they have moved beyond generic templates into highly targeted tactics.
- Adversary-in-the-Middle (AiTM): Sophisticated phishing emails that mimic a standard Microsoft 365 or Google Workspace login screen. When you log in, the scammer mirrors the legitimate site in real time, capturing not just your password but also your Multi-Factor Authentication (MFA) session cookie, bypassing standard security measures.
- Fake Calendar Invites: Rather than sending an email that might trigger a spam filter, scammers inject malicious links or “invoice due” alerts directly into your digital calendar via unexpected shared invites.
- Quishing (QR Code Phishing): Emails containing a PDF attachment or image of a QR code. Because security scanners struggle to read links hidden inside a visual QR code, it successfully forces you to use your phone to navigate to a malicious login screen.
4. User Messages (Social Media DMs, Chat Apps, Discord)
Direct messages target your social connections and professional ambitions.
- The Hijacked Friend Request: A message from an account belonging to someone you actually know, claiming they need money for an emergency, or offering a link to a “grant” they just won. In reality, your friend’s account was compromised.
- Work-From-Home & Job Recruiter Scams: Messages on LinkedIn or WhatsApp from “recruiters” offering high-paying, remote data-entry or optimization tasks. They put you through a fake onboarding process, eventually demanding you pay an upfront fee for training materials or specific home-office equipment that never arrives.
- Recovery Scams: If you post publicly on social media about being scammed or losing money, users will flood your comments or DMs claiming they know an “ethical hacker” who can recover your funds for an upfront fee.
Where to Identify & Report Scams by Region
If you encounter or fall victim to any of these tactics, reporting them immediately helps consumer protection agencies track trends, shut down fraudulent web domains, and alert the public.
United States (US)
In the US, consumer fraud and identity theft are handled by federal agencies and independent consumer networks. The Federal Trade Commission (FTC) serves as the primary national hub for tracking business scams, while identity theft has its own dedicated portal for recovery plans. For reporting localized fraud patterns and researching malicious business practices across North America, the Better Business Bureau (BBB) maintains a public heatmap and database.
- US FTC Report Fraud: reportfraud.ftc.gov
- US FTC Identity Theft Recovery: identitytheft.gov
- Better Business Bureau (BBB) Scam Tracker: bbb.org/scamtracker
United Kingdom (UK)
The UK operates a centralized reporting framework for cybercrime and fraud. Report Fraud (formerly Action Fraud) is the national reporting centre for England, Wales, and Northern Ireland, working directly with the National Cyber Security Centre (NCSC). Suspicious emails can be forwarded directly to government filtering systems, and mobile phone providers utilize a free text-forwarding service to catch smishing attempts.
- Report Fraud (Police Portal): reportfraud.police.uk
- NCSC Suspicious Email Reporting: Forward malicious emails to report@phishing.gov.uk
- SMS Text Reporting: Forward suspicious texts to 7726
European Union (EU)
Because the EU spans multiple nations, reporting is handled through cross-border networks and individual national enforcement bodies. The European Consumer Centres Network (ECC-Net) provides free guidance for cross-border consumer disputes and transaction fraud involving businesses located within EU member states. For broader international scams, European authorities partner with multi-agency frameworks to track global fraud trends.
- European Consumer Centres Network (ECC-Net): eccnet.eu
Global Initiatives
Global non-profit alliances work across international borders to unite governments, big tech, and consumer protection groups. These initiatives serve as centralized hubs designed to help citizens verify malicious domains, analyze regional scam trends, and share data to dismantle cybercrime networks worldwide.
- International Cross-Border Scam Tracker: econsumer.gov
- Global Anti-Scam Alliance (GASA): scam.org