Phishing scams have evolved well beyond the old “payment failure” or “delivery issue” emails. Scammers now use far more sophisticated tactics—spoofing legitimate email addresses, creating fake QR codes, and even posting fake job listings. Here are some of the latest tricks they use to deceive people.
Blending characters in the email ID
A few years ago, spotting a fake email address was simple—you could often tell just by glancing at the email domain. But scammers have gotten much better at disguising them. They now blend letters and symbols to look authentic—for example, using “rn” instead of “m” in “Microsoft,” swapping “1” for “l,” or adding subtle dots and dashes that are easy to miss.
That’s why you should look more closely before trusting an email sender. Carefully check …
Phishing scams have evolved well beyond the old “payment failure” or “delivery issue” emails. Scammers now use far more sophisticated tactics—spoofing legitimate email addresses, creating fake QR codes, and even posting fake job listings. Here are some of the latest tricks they use to deceive people.
Blending characters in the email ID
A few years ago, spotting a fake email address was simple—you could often tell just by glancing at the email domain. But scammers have gotten much better at disguising them. They now blend letters and symbols to look authentic—for example, using “rn” instead of “m” in “Microsoft,” swapping “1” for “l,” or adding subtle dots and dashes that are easy to miss.
That’s why you should look more closely before trusting an email sender. Carefully check for character blending or minor spelling variations. If something feels off, copy the email address, paste it into a text editor, and add spaces between each character—you’ll often spot the trick instantly. Also, ensure you’re not fooled by spelling errors or similar-looking characters.
Deceptive collaboration proposal
A few days ago, I got an email that instantly grabbed my attention. The sender claimed to have read one of my articles and was impressed by my work. Pretending to be an Amazon employee, they said they wanted to collaborate. At first glance, everything appeared legitimate—the tone was professional, and the formatting was well done.
Even the attached image, featuring logos and friendly compliments, made it seem all the more convincing. I’ll admit, even as someone who studies and writes about online scams, it nearly fooled me. They’d even added a LinkedIn link “for verification.” But before clicking, I decided to inspect the embedded link—and sure enough, it was a phishing attempt.
It was a valuable reminder that no one is entirely immune to online deception. When an email feels overly flattering or urgent, pause and verify before clicking anything.
Business email compromise
Business Email Compromise (BEC) is one of the most deceptive scams around. Instead of sending generic phishing emails, scammers act as trusted individuals—such as company executives, vendors, or business partners—to deceive employees into transferring funds. These emails often look completely legitimate, mimicking real signatures, writing style, and domains.
A single swapped letter or domain variation can easily go unnoticed. The risk rises when the email appears to come from a CEO or senior manager demanding urgent payment—most employees won’t hesitate to comply. This misplaced trust leads to financial losses. So, always verify any unusual payment or data request through a separate, secure channel.
QR code personal phishing
Credit: Lucas Gouveia/How-To Geek | Marina Demeshko/Shutterstock
QR code scams are becoming more common—and harder to spot. Scammers can place fake QR codes on flyers, posters, or even restaurant tables. Some might even come to your doorstep pretending to deliver a package and ask you to “scan to confirm delivery” for an item you never ordered. The moment you scan, the code can install malware or steal your data.
Online, these fake codes often appear in emails, messages, or social media posts that look real. They might lead you to fake payment pages or login sites. Always double-check where a QR code came from. Avoid scanning codes from strangers or unexpected deliveries, and never enter sensitive details after scanning one unless you’re sure it’s legitimate.
Fake-job luring scam
Scammers also lure victims with fake job offers or ads to steal money and personal data. They often promise high salaries, flexible schedules, or “easy” remote work—then ask for upfront payments for training, equipment, or background checks. Others request personal details such as IDs, bank information, or tax documents early on to commit identity theft.
Some even conduct fake “online interviews,” asking you to join through niche apps or links that secretly install malware. Always verify the company and job listing through official career pages or by contacting HR directly. Never pay for a job application, share sensitive details, or download unfamiliar apps for interviews. If something feels off, it probably is.
Scammers now also exploit cloud storage and documents to deliver phishing scams that look completely legitimate. You might get a shared file titled “Payroll_Review_2025” or “Q4 Strategy Update.” Since it’s hosted on Google Drive, it appears trustworthy—but opening the document or clicking a link inside can redirect you to a fake site or install malware.
To protect yourself, avoid opening unexpected shared files, no matter how professional they seem. Always verify the sender’s full email address, not just the display name. If you need to review the file, access it directly in Drive instead of using the link in the email. Hover over links before clicking, enable two-factor authentication, and periodically review your sharing settings.
Cybercriminals are getting more innovative and more inventive at making us drop our guard. Spotting typos or odd links isn’t enough anymore—scams now look polished and familiar. That’s why you’ve to double-check every message, link, or sender before you engage. The tips above can help you stay sharp and one step ahead.