Google warns about scams: AI security tips and trends | Keryc
Google published a new alert about fraud and scams that are already affecting millions of people worldwide. Does receiving a suspicious link, a calendar notice, or a QR code that seems too good to be true sound familiar? In this report, the company explains the tactics that are working for scammers and the technical and practical measures it recommends so you can protect yourself.
Modern phishing: AITM, quishing and fake calendars
Traditional phishing has evolved. Now attackers use techniques called Adversary-in-the-Middle (AITM) and quishing to intercept sessions and credentials, even bypassing measures like MFA. How do they do it? Sometimes they replicate legitimate login flows to steal passwords and session cookies, or host malicious content on trusted cloud services to evade filters.
We’ve seen concrete practices: Calendar Phishing, where fake renewal notifications are embedded in calendar invites; “invisible” pages inside cloud documents that serve as phishing landing pages; and campaigns like ClickFix that use fake browser update notices to distribute malware.
Google responds by neutralizing infrastructure, deploying protections like DBSC (Device Bound Session Credentials) to protect active cookies, and pursuing phishing kit operators through legal channels. But your behavior matters too: avoid scanning QR codes that arrive by unexpected email and always visit the official site of a service instead of clicking links in notifications.
Safety tip: Never scan a QR code received in an unexpected email and, if in doubt, type the official URL into your browser.
Crypto and AI: investment scams with apparent intelligence
Crypto-related scams keep causing huge losses. In 2025, billions were estimated to have been lost to crypto fraud. Scammers use fake ads and tutorials that promise guaranteed returns or show steps to set up nodes and supposed passive income. When people run the recommended code, funds get drained from wallets or malicious software is installed.
Attackers also use QR codes and links in descriptions to direct victims to phishing forms or malicious downloads. Google enforces policies that block ads with unrealistic promises and suspends accounts that impersonate brands, while using predictive analytics to detect emerging patterns.
Safety tip: If a crypto investment sounds too good to be true, it probably is. Don’t copy and paste unknown commands into your terminal.
Mobile scams and apps that request excessive permissions
In the mobile ecosystem, extortion apps disguised as financial tools have grown. Many demand invasive permissions like access to contacts, SMS, or photos, and that data is used to extort or humiliate the victim.
Attackers have learned to pass initial app store reviews: they upload a legitimate version and then update it with malicious code that abuses accessibility services. To fight this, security teams prioritize detecting “sleeping” permissions and audit post-install behavior.
Safety tip: Only install finance apps from official stores. Don’t grant access to your contacts or SMS unless it’s essential for the app’s main function.
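The update-after-review pattern described above can be audited by comparing what each version of an app declares. The following is an added example, not code from Google's report or from this article: it diffs two manifests and reports sensitive permissions and accessibility services that appear only in the update. It assumes the manifests have already been decoded to text XML; the sample manifests, the package name and the selection of permissions treated as sensitive are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Illustrative selection covering what the article names: contacts, SMS, photos.
SENSITIVE = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_MEDIA_IMAGES",
    "android.permission.READ_EXTERNAL_STORAGE",
}
A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"

def surface(manifest_xml):
    """Return (requested permissions, accessibility service class names)."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    # An accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE.
    services = {s.get(ANDROID + "name") for s in root.iter("service")
                if s.get(ANDROID + "permission") == A11Y}
    return perms, services

def review_update(old_xml, new_xml):
    """List what an update adds that the previously reviewed version lacked."""
    old_perms, old_svcs = surface(old_xml)
    new_perms, new_svcs = surface(new_xml)
    findings = [("sensitive-permission-added", p)
                for p in sorted((new_perms - old_perms) & SENSITIVE)]
    findings += [("accessibility-service-added", s)
                 for s in sorted(new_svcs - old_svcs)]
    return findings

# Constructed sample manifests: version 1 as first reviewed, version 2 as updated.
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
V1 = f'''<manifest {NS} package="com.example.loanhelper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>'''
V2 = f'''<manifest {NS} package="com.example.loanhelper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application>
    <service android:name=".AssistService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>'''

if __name__ == "__main__":
    for kind, name in review_update(V1, V2):
        print(kind, name)
```

A manifest diff only shows what an update declares; whether the new permissions are actually exercised still has to come from the post-install behavior auditing the article mentions.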
Impersonating authorities: calls and "digital arrests"
There are campaigns that impersonate police or government ministries to pressure and extort. Attackers create mass accounts that look official, send urgent invites or calls, and demand payments or banking credentials. These operations often combine email, messages, and voice or video calls to create panic.
Google combats this by taking down impersonation networks, applying impersonation policies, and requiring developer verification to reduce fake apps, even for apps installed outside the official store.
Safety tip: No serious law enforcement agency will ask you for payments or credentials via an unsolicited message or call. If someone calls from a personal account claiming to be an authority, hang up and verify through official channels.
What Google does and what you can do today
Google uses AI capabilities to detect patterns, block misleading ads, neutralize phishing infrastructure and, when possible, take legal action against malicious operators. It also updates policies and tools to reduce vulnerabilities like impersonation and cloud abuse.
But there are practical, quick actions you can take:
Verify links by typing the official address instead of following shortcuts.
Don’t scan QR codes from unknown sources or paste commands into your terminal.
Review app permissions and avoid granting access to contacts or SMS without a real need.
Enable the 'Only contacts can call me' option in Google Meet if you receive unexpected calls.
Use strong authentication and watch for alerts in apps like Google Messages and Phone by Google.
Report scams and save evidence if you were contacted by a potential scammer.
In closing
Scams aren’t an isolated technical problem; they’re a social challenge that combines social engineering, platform abuse, and economies of scale. Knowing the most common tactics and applying simple measures reduces risk a lot. Technology helps, but your caution is the first line of defense.