Nov 06, 2025

Google’s Trust & Safety teams are sharing observations on the most recent online scam trends, along with tips to help you stay safe.

Scams continue to be a persistent global challenge, fueled by sophisticated transnational crime groups who seek to exploit vulnerable people online for financial gain. The problem is global in nature, takes place online and offline, and cuts across all demographics: The 2025 Global Anti-Scam Alliance “State of Scams” report, which surveyed 46,000 people globally, found that 57% of adults experienced a scam in the past year, with 23% reporting money stolen. As the threat landscape evolves, our teams observe that scammers are increasingly misusing AI tools to efficiently scale and enhance their schemes. At Google, we are committed to protecting our users and the wider ecosystem. That’s why our teams leverage the latest in AI capabilities to prevent, detect, and respond against evolving scam tactics — and we regularly publish updates to share our observations with others.

Our latest scams advisory describes both recent and seasonal scam trends identified by our analysts.

1. Online job scams

Online job scams, where fraudsters impersonate legitimate job-seeking platforms to target vulnerable job seekers, are rising.

These campaigns involve impersonating well-known companies through detailed imitations of official career pages, fake recruiter profiles, and fraudulent government recruitment postings distributed via phishing emails and deceptive advertisements across a range of platforms.

Scammers demand upfront registration or processing fees while simultaneously using fake application forms and fraudulent video interviews to harvest sensitive banking details and personal identification documents. The schemes frequently serve as ways to deliver complex, harmful software, including Remote Access Trojans (RATs) and info-stealers disguised as interview software or application materials. Victims face severe consequences ranging from financial theft and identity fraud to system compromise that enables credential harvesting and corporate network infiltration.

Google’s Misrepresentation policy strictly prohibits fraudulent ads, including those that impersonate businesses or offer fake job opportunities. To protect users, Google Messages Scam Detection detects scams, Gmail protections automatically detect phishing and scam emails, and security features like 2-Step Verification help secure accounts against credential theft.

Remember that a legitimate company will never require upfront payments or training fees to secure a job. Confirm a posting’s authenticity and be cautious about providing sensitive information like banking details or social security numbers, and never download application materials or software without first verifying the instructions and source through the company’s official channels.

2. Negative review extortion schemes

Malicious actors might try to extort businesses by orchestrating attacks using inauthentic negative reviews. This scheme begins with a practice commonly known as “review-bombing,” where bad actors try to circumvent our moderation systems and flood a business’s profile with fake one-star reviews. Following this initial attack the scammers directly contact the business owner, often through third-party messaging apps, to demand payment. They threaten that if the business fails to pay the fee, the negative reviews will remain, or the attack will escalate and further damage the business’s public rating and reputation to coerce the victim into paying the extortion demand.

Google Maps has clear policies prohibiting fake engagement, harassment, extortion and other harmful content — and we actively monitor for, block and remove violations. As part of our ongoing investments to fight bad actors, we are currently rolling out a new way for merchants to directly report extortion attempts to us so that we can take swift action against malicious actors.

To protect your business from negative review extortion, never engage with the bad actors or pay the ransom, as this only encourages further attacks. Instead, immediately report the malicious activity using the official merchant extortion report form, and be sure to preserve all records (screenshots, emails, chat logs) of their demands as evidence for law enforcement.

3. AI product impersonation scams

Cybercriminals are exploiting the widespread enthusiasm for AI tools by using it as a powerful social engineering lure. Threat actors create sophisticated scams impersonating popular AI services, promising “free” or “exclusive” access to ensnare victims. These fraudulent offers manifest as malicious mobile and desktop apps, credential-stealing phishing sites, “fleecewear” apps with exorbitant fees, and malicious browser extensions. Scammers promote these traps using advanced tactics, including cloaked malvertising, hijacked social media accounts and malicious code in software repositories. For victims, the consequences range from info-stealing malware and financial loss to compromised corporate networks and business account takeovers, ultimately undermining trust in the entire AI ecosystem.

Google prohibits ads that distribute Malicious Software and enforces strict rules on Play and Chrome for apps and extensions. On Google Play, our Impersonation and Deceptive Behavior policies actively remove apps that mimic legitimate AI services. The Safe Browsing’s Enhanced Protection mode in Chrome is powered by AI and provides real-time warnings to protect users from visiting malicious sites and downloading fraudulent apps or extensions.

Download only from official app stores and domains; double-check the URL (look for subtle misspellings or lookalike logos). Be skeptical of “too good to be true” offers of free versions of licensed software. Pay attention to download warnings from your browser and do not disable antivirus software.

4. Malicious VPN apps and extensions

Threat actors distribute malicious applications disguised as legitimate VPN services across a wide range of platforms to compromise user security and privacy. These actors tend to impersonate trusted enterprise and consumer VPN brands or use social engineering lures, such as through sexually-suggestive advertising or by exploiting geopolitical events, to target vulnerable users who seek secure internet access. Once installed, these applications serve as a vehicle to deliver dangerous malware payloads including info-stealers, remote access trojans and banking trojans that exfiltrate sensitive data such as browsing history, private messages, financial credentials and cryptocurrency wallet information.

Android and Google Play leverage Google’s machine learning algorithms to detect potentially harmful apps. Users can turn on Google Play Protect to help keep apps safe and data private. Additionally, Google Play Protect’s enhanced fraud protection pilot analyzes and automatically blocks the installation of apps that may use sensitive permissions frequently abused for financial fraud when the user attempts to install the app from an Internet-sideloading source (web browsers, messaging apps or file managers).

Only download VPN apps from official sources, and check for apps with the VPN badge in Google Play. Be skeptical of free offers and avoid sideloading unknown apps. Users should look carefully at the app’s requested permissions — a VPN should not need access to things like your contacts or private messages. Always pay attention to browser download warnings and keep your antivirus software enabled.

5. Fraud recovery scams

Fraud recovery scams target individuals who have already been victimized by previous fraud and exploit them with false promises of asset recovery. In these secondary fraud schemes, scammers pose as a variety of authoritative entities such as blockchain investigators, law firms, government agencies and hackers-for-hire. Bad actors often reach their targets through online advertising or by using lists of prior victims, and promise that they can reclaim a victim’s lost funds in exchange for an upfront fee. These operations are growing more sophisticated over time through high-quality fake websites and realistic documents — sometimes bolstered by generative AI to instill false credibility. This scam results in particularly devastating consequences for victims by compounding their financial and emotional trauma of losing potentially thousands of dollars more on top of their initial scam losses while adding the risk of identity theft.

Android provides advanced scam notification protections to shield users from secondary fraud attempts, this includes scam protection in Google Messages and Phone by Google. This technology delivers real-time warnings to users before a conversation turns dangerous or involves the sharing of sensitive information, preventing them from engaging with follow-up fraud attempts.

Be skeptical of unsolicited contact — ads, calls or emails — from someone who claims they can recover funds you previously lost to a scam, and never grant them remote access to your device or accounts. Legitimate recovery entities, like government agencies or law firms, will never demand an upfront fee to begin or guarantee asset recovery. Always independently verify the entity using their official website and contact information instead of relying on the details they provide.

6. Seasonal holiday scams

Scammers tend to increase fraudulent activity during major holiday and shopping periods, such as Black Friday and Cyber Monday, by exploiting heightened consumer demand and urgency. These seasonal campaigns are designed to lure unsuspecting shoppers with deceptive offers, leading to widespread financial theft and data compromise.

Scammers employ a broad range of sophisticated tactics to create and promote fake online storefronts that appear as sponsored links and impersonate well-known brands, run deceptive ad campaigns, such as hijacking competitor brand terms for Black Friday sales or promoting misleading “too good to be true” discounts on social media platforms. This period also sees a surge in targeted phishing and smishing campaigns, where scammers impersonate delivery services to demand fake redelivery fees, or promote fake prizes and rewards.

Google has strict policies against Misrepresentation (Ads, Shopping) and Counterfeit Products (Ads, Shopping) to block deceptive “too good to be true” deals and brand impersonation. This shopping season, Google is fighting package tracking scams with new protections. Users of Google Pixel 9 and later devices who opt-in to Enhanced Protection in Chrome will get extra defense via local Gemini models and Safe Browsing. Additionally, we recently shared new protections against these types of scams for Google Messages users.

Beware of “too good to be true” deals, excessively low prices and large discounts that seem drastically cheaper than anywhere else. Be wary of unexpected delivery texts or emails urging immediate action or demanding a fee. Use secure payment methods with buyer protection, such as a credit card, whenever possible.

We hope this latest advisory helps you stay safe in an evolving threat landscape. For more on the latest ways Google is keeping you safe from scams, check out our recent blog on scams protections and visit our help center for more on avoiding and reporting scams.