By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

Whether it’s the FBI warning about smartphone attacks leveraging fears of deportation in the U.S. foreign student population, recommendations to use a secret code as AI-powered phishing campaigns evolve, instant takeover attacks targeting Meta and PayPal users, or confirmed threats aimed at compromising your Gmail account, there is no escaping the cyber-scammers. Indeed, the Global Anti-Scam Alliance, whose advisory board includes the head of scam prevention at Amazon, Microsoft’s director of fraud and abuse risk, and the vice president of security solutions with Mastercard, found that more than $1 trillion was lost globally to such fraud in 2024. But do not despair, despite the Federal Trade Commission warning of a 25% year-on-year increase in losses, Google is fighting back. Here’s what you need to know. There can be no doubt that online scams, of all flavors, are not only increasing in volume, but they are also evolving. We’ve seen evidence of this in the increasing availability and cost-effectiveness of employing AI to empower such threat campaigns. No longer the sole stomping ground of solo actors and chancers looking to make a few bucks here and there, the scams threat landscape is now dominated by organized international groups operating at scale. The boundary between online and physical, offline fraud is blurring. Hybrid campaigns are a reality, combining phone calls with internet calls to action. The Global Anti-Scam Alliance State of Scams Report, published in November 2024, revealed the true cost of such crimes: $1.03 trillion globally in just 12 months. A March 2025 report from the Federal Trade Commission showed that U.S. consumers alone had lost $12.5 billion last year, up 25% from 2023. And that GASA report also found that only 4% of victims worldwide reported being able to recover their losses. Something has to be done, and Google’s Trust and Safety teams, responsible for tracking and fighting scams of all kinds, are determined that they are the people to help do it. “Scammers are more effective and act without fear of punishment when people are uninformed about fraud and scam tactics,” Karen Courington, Google’s vice president of consumer trusted experiences, trust & safety, said. In addition to tracking and defending against scams, Google’s dedicated teams also aim to inform consumers by analyzing threats and sharing their observations, along with mitigation advice. The May 27 Google fraud and scams advisory, does just that, describing the most pressing of recent attack trends that have been identified. These are broken down into five separate scams, each complete with mitigating best practice recommendations, as follows: Customer support scams, often displaying fake phone numbers while pretending to be legitimate help services, are evolving and exploiting victims through a combination of social engineering and web vulnerabilities, Google warned. Along with the protection offered by Gemini Nano on-device to identify dangerous sites and scams, Google advised users should “seek out official support channels directly, avoid unsolicited contacts or pop-ups and always verify phone numbers for authenticity." Malicious advertising scams, often employing the use of lures including free or cracked productivity software and games, have also evolved. “Scammers are setting their sights on more sophisticated users,” Courington said, “those with valuable assets like crypto wallets or individuals with significant online influence.” Google uses AI and human reviews to combat the threat and block ad accounts involved in such activity. Only download software from official sources, beware of too good to be true offers, and pay particular attention browser warnings when they appear, Google said. Google’s teams have seen an increase in fake travel websites as the summer vacations get closer, usually luring victims with cheap prices and unbelievable experiences. Again, these will likely impersonate well-known brands, hotels, and agencies. Google advised users to use its tools such as “about this result’ to verify website authenticity. “Avoid payment methods such as wire transfers or direct bank deposits,” Courington said, “especially if requested via email or phone.” There are some people who just demand to be listened to, not through the loudness of their voice or the position of power they find themselves in, but rather because of the sheer experience they bring to the table. When it comes to the phishing threat, one of these people has to be Paul Walsh. I have been around the online business more than long enough to remember when, in 2004, Walsh was tasked with refining the World Wide Web creator, Tim Berners-Lee’s, vision of one web. This was when the W3C Mobile Web Initiative was co-founded by Walsh, who also happened to be head of the New Technologies Team at AOL in the 90s. See, I told you I had been around a long time, and AOL wasn’t even my first rodeo on the internet. The point being that Walsh has huge experience when it comes to the phishing threat, having helped launch AOL’s Instant Messenger AIM client and becoming one of the first people online to fall victim to impersonation attacks as a result. But, it doesn’t need there: “When I co-founded the W3C standard for URL Classification and Content Labeling in 2004,” Walsh told me, “I co-invented the very concept of classifying/labeling folders, user accounts, etc., on the web,” Walsh said. Now he’s the CEO at MetaCert, a business that seeks to cut off the phishing threat directly at its source with a network-based solution for carriers to shield subscribers from SMS phishing attacks. Walsh told me that when it comes to phishing protection, threat intelligence is a fundamentally flawed method. “Relying on historical data is useless—new URLs evade existing intelligence by design,” Walsh advised, adding that it is, in his opinion, the biggest threat in cybersecurity currently. While the advice from Google is certainly not to be ignored by users, in my never humble opinion, Walsh does not agree. Suspicious links and unexpected attachments, as red flags, Walsh claimed, are not only poor warning signs but positively harmful in 2025. With SMS taking over from email as the primary attack vector for phishing campaigns in 2024, Walsh said that “authenticating URLs before delivery” is the only way to ensure they are safe, “without relying on outdated historical data or AI.” For complete details visit OUR FORUM.