Google published an advisory about how scams keep evolving, and now scammers are using AI tools to scale their attacks. Surprised? You should be — it’s a global problem that touches everyone: 57% of adults reported a scam in the past year and 23% said they lost money, according to the 2025 Global Anti-Scam Alliance report.
Overview
Google’s security teams see six clear trends: job scams, review extortion, impersonation of AI products, malicious VPN apps and extensions, fraud-recovery scams, and seasonal spikes around shopping seasons. In every case, attackers mix classic social-engineering tricks with automation and AI to build traps that feel believable and work at scale.
Scammers don’t just write messages anymore; they use AI to generate fake pages, voices, and documents that look real.
1. Online job scams
How do you spot a fake job offer? Job scams mimic real company pages, create fake recruiter profiles, and ask for payments for registration or training. Sometimes they tell you to download “interview software” that actually installs malware like RATs (remote access trojans) or info-stealers.
- Warning signs: upfront payments, requests for bank details or sensitive documents before a formal offer, and links that don’t match the company’s official domain.
- What to do: confirm the opening on the company’s official site, check recruiter profiles on LinkedIn, and never download software without verifying the source.
Use 2-Step Verification and watch security alerts in your email to reduce the risk of credential theft.
2. Review extortion
‘Review-bombing’ attacks flood a business profile with fake reviews and then extort the business for money to stop the attack. Small shops are especially vulnerable. What should you do when this happens to a local store you love?
- Don’t pay or negotiate with extortionists: paying only encourages repeat attacks.
- Keep evidence (screenshots, chats, emails) and use official channels to report the extortion.
Google is rolling out ways for merchants to report these attempts directly and remove fake reviews or malicious accounts.
3. AI product impersonation
Attackers exploit excitement around AI by offering “free access” or apps that imitate popular services. They can distribute malicious apps, phishing sites, and extensions that steal credentials.
- Basic rules: download only from official stores, check URLs (watch for typos and look-alike logos), and be suspicious of offers that sound too good to be true.
- Turn on browser alerts and don’t disable your antivirus.
Google removes apps and ads that distribute malware and uses automated detections to block threats.
4. Malicious VPN apps and extensions
Some fake VPNs promise privacy but actually install trojans that exfiltrate data: browsing history, credentials, and funds from wallets. Think of it like hiring a locksmith who later sells copies of your keys.
- Only install VPNs from verified sources and look for official badges in app stores.
- Avoid sideloading and check permissions: a VPN doesn’t need access to your contacts or messages.
Turn on Google Play Protect and pay attention to system warnings when installing software.
5. Fraud-recovery scams
If you’ve already been a victim, be careful: scammers will offer to “recover” your funds for an upfront fee. They often use very convincing pages and documents, sometimes generated with AI.
- Warning signs: demands for upfront payment, pressure to grant remote access, or promises of guaranteed recovery.
- What to do: verify the identity and official contact details of institutions or lawyers, and never share remote access without independent verification.
Protections on Android and in messaging apps try to warn you when a conversation could be part of a second scam.
6. Seasonal scams during holidays and sales
During Black Friday, Cyber Monday and similar events you’ll see more fake stores, fraudulent sponsored links, and fake delivery messages asking for ‘reshipment’ fees. Who hasn’t been tempted by a crazy discount? That’s exactly what attackers count on.
- Practical rules: be wary of extremely low prices, use payment methods with buyer protection, and don’t pay unexpected shipping fees.
- Always verify the seller and avoid clicking links in unsolicited messages.
Pixel users and people who enable Enhanced Protection get extra browser defenses, including local models that improve warnings about malicious sites.
Quick tips to protect yourself today
- Check URLs and domains; don’t trust links shared over social media or messaging without verifying them.
- Don’t pay ransoms, fees to apply for jobs, or extortion for reviews.
- Keep protections active like 2-Step Verification, Google Play Protect, and your antivirus.
- Preserve evidence and report the scam to official channels and authorities.
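An added example (not part of Google's advisory or the original page): one way to automate the domain check that the job-scam warning signs, the AI product impersonation rules and the first quick tip describe. It assumes example.com is the company's official domain; the function names, the sample links and the simple brand-label heuristic are assumptions for illustration.

```python
from urllib.parse import urlsplit

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url: str, official_domain: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for the host a link really goes to."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    official = official_domain.lower()
    # Official only if the host IS the domain or a true subdomain of it.
    if host == official or host.endswith("." + official):
        return "official"
    brand = official.split(".")[0]  # assumption: first label is the brand name
    labels = host.split(".")
    # Text before '@' is userinfo, not the destination host.
    if brand in (parts.username or "").lower():
        return "lookalike"
    # Brand name glued into some other site's host name.
    if any(brand in label for label in labels):
        return "lookalike"
    # Punycode labels can render as look-alike characters.
    if any(label.startswith("xn--") for label in labels):
        return "lookalike"
    # Typo-squats: a label within two edits of a reasonably long brand name.
    if len(brand) > 4 and any(edit_distance(label, brand) <= 2 for label in labels):
        return "lookalike"
    return "unrelated"

# Constructed sample links; example.com stands in for the company's real domain.
SAMPLE_LINKS = [
    "https://careers.example.com/jobs/123",
    "https://example.com.apply-now.test/interview",
    "https://examp1e.com/login",
    "https://example.com@payments.test/",
    "https://news.test/article",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify_link(link, 'example.com'):<10} {link}")
```

A "lookalike" result means the link borrows the brand's name without belonging to its domain; "unrelated" only means no resemblance was found, not that the site is safe.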
The threat changes fast, but tools and habits can cut your risk a lot. Good news? You don’t need to be an expert to stay safer: a healthy dose of skepticism and a few simple steps make a big difference.
Original source
https://blog.google/technology/safety-security/fraud-and-scams-advisory-november-2025
