The complete guide to scams 2025: learn how to stay safe

While it’s easy to laugh at early 2000s Nigerian prince scams today, variations of them still exist, and they continue to target vulnerable individuals. But modern scams have evolved far beyond email hoaxes. These days, even cybersecurity experts can become victims.

In some regions, entire neighborhoods are reportedly being built to host scam operations – often staffed by people who are victims of human trafficking themselves. As soon as one scam center is shut down, another emerges. With Americans losing over $12.5 billion to scams in 2024 alone, and AI now powering increasingly sophisticated schemes, the risk of financial loss is higher than ever.

So, what types of scams should you watch out for? And how can you protect yourself and your loved ones? For this article, I’ve compiled the most recent and relevant scam trends. Many follow familiar patterns. The challenge is spotting them before they pull you in.

My main advice to keep in mind

• You are not immune to scams. With the emergence of vishing and smishing, seniors or vulnerable people are no longer the main targets. While scammers always try to go for the easiest potential victims, you can part with your money without even realizing that you’re being scammed. It’s proven by the fact that scam rates are rising – 2024 saw a 25% increase in total losses in the US compared to 2023.
• Never engage. The longer you engage with scammers, the likelier it is that you will accidentally share your personal information that they could later exploit. With AI technology, they can record and then mimic your voice to scam your loved ones. Leave scam-baiting to the professionals.
• As soon as they ask for money – it’s your cue to leave. An amazing opportunity awaits – you just need to transfer $500? Hang up. Your beautiful foreign girlfriend needs cash for a plane ticket to visit you? Block. Are you thinking of investing in an offshore oil company? If it’s too good to be true, it’s fake.
• Double, triple, quadruple check. It will be annoying to you and probably everyone you know, but if it will save you from losing money to scammers – who always return for seconds – then it’s worth it. Even if it’s your own child’s voice that’s asking to transfer some funds – hanging up and calling them back would only take a second, but it could easily prove if the call is legitimate.
• Protect your loved ones – even from your own critique. If you feel that your loved one might be trapped in a scam mentioned in this article, be supportive and share this information. Don’t mock them or lose your patience if they won’t be quick to trust your advice – instead, make them question what’s happening or involve authorities.

Types of scams and how they operate

There are multiple types of scams, but they tend to focus on three main categories based on the “hook” or what people want/fear the most.

• Type 1 – appealing to ambition. There’s a reason why get-rich-quick schemes have been so successful for so many years. People want to win, succeed, and become financially secure (or wealthier). This type includes investment, publishing, and crypto scams.
• Type 2 – appealing to fear. A lot of people, particularly mentally vulnerable, do not handle pressure well. Scammers try to exploit this by creating a sense of high-stakes consequences and false urgency. This type includes law enforcement, IT support, and deep-fake ransom scams.
• Type 3 – appealing to loneliness/love. This type is the hardest to wean victims off. Scammers build trusting relationships and get the victim to fall in love before they make their first moves toward obtaining money. It mainly includes romance scams.

Below is a comprehensive list of the main types of scams people face today.

Tech support scam

How it works. Scammers call people, sometimes even spoofing official customer support numbers, pretending to be representatives of a tech company. By using social engineering, they persuade victims to allow access to their devices, where they can install remote controls and steal data from the victim’s personal device. That data can include private files to then blackmail the victim with, or simply access to banking apps.

The way scammers usually hook people in is by creating a sense of urgency and fear. They would claim that your computer has a virus or that the tech company (or bank) noticed some suspicious activity on your account. They might claim that imaginary scammers are gaining access to your data as you speak, and in order to stop them, they have to connect to your device. This way, they create a problem where there isn’t one.

Remember: a legitimate bank will never, ever, ask for your account numbers, PIN codes, or other payment information. They already have it.

Ways to identify a tech support scam. First of all, scammers will pretend to be from some sort of legitimate financial or technology company (Microsoft, Google, PayPal). They will be the ones who will claim that there’s something wrong with your device, though some more clever ones might ask leading questions to get you to admit that something doesn’t work as intended. Then, they will try to persuade you to give them access to your device by answering questions that will help them gain remote control. If you were to encounter such a situation, follow 3 simple rules:

1. Do not engage. Unless you call your bank or tech company, there is no need for them to be calling you. If you feel that the call might be genuine, simply hang up and immediately call back. If it’s a legitimate institution, they will pick up, and you can resume the call. If they’re scammers with a spoofed number, you won’t get a response, or a legitimate institution will pick up with no knowledge of what was just discussed.
2. Do not provide any information. If they were to ask you about your device, do not give them any details. Even if something is wrong, pretend that all is fine with your device. Do not give any login details, and do not follow any instructions. If you’re not sure if these are scammers, follow the guidelines in Rule 1.
3. Damage control. If you or your loved ones have already given them too much information, visit your local legitimate tech support hub to disable remote access. You should also contact your banks and change all the passwords using another, uncompromised device as soon as possible.

Refund scam

How it works. Scammers call or email victims, claiming they’ve been overcharged for their subscription and/or purchase. They would start with something general, rarely naming specific subscriptions or purchases. However, some can name Amazon, PayPal, or other widely used services, hoping it would hit the mark. They use social engineering, expecting that their target would reveal the information themselves.

Once the connection has been established, scammers will share false screenshots or information, claiming that they have “accidentally” refunded too much. Threatening legal consequences or simply applying to their target’s empathy, they would get the victim to send the overcharge back to the designated bank account or, more commonly, by using gift cards.

Ways to identify a refund scam. If you were actually supposed to receive a refund, companies would simply inform you of it and transfer the money to your account. They wouldn’t call you about it, trying to get you to reveal what the refund is for. So, broad language is a clear indicator that they don’t know what you’re supposed to be refunded for. The most obvious sign of a refund scam is the accidental overcompensation. There will always be some mistakes that you, for some reason, will have to solve. But here’s what you should do instead:

1. Do not reveal any information. You can ask questions, like what exactly is it for. But never reveal any details, which also means no guessing.
2. Their mistake is not your problem. No matter how much they plead about potential job loss, threaten to go straight to the police, or accuse you of theft, don’t take it upon yourself to solve their problem. Tell them their mistake is none of your concern, and they should contact their bank to solve the situation themselves.
3. Double-check with your bank. Scammers are highly persuasive, so it’s natural to start questioning whether they’re right. However, you can always hang up the call, check your bank balance, or even contact your bank directly to see if the funds actually reached you. Scammers will, without a doubt, call you back, so you’re under no actual time constraint, no matter how persuasive they are for you to act quickly.

Investment scam

How it works. This one is a bit harder to identify as a scam because the scripts tend to be really persuasive, and some scammers even create platforms that look completely legitimate. It can go either way: either a potential victim comes across a legitimate-looking website that’s bait for an investment scam, or victims get approached by scam callers.

Scammers present an investment opportunity that promises huge gains. It’s also how they persuade people to transfer money first. More elaborate scams involve custom investment websites that people would deposit money in, except that if they tried to cash out, it wouldn’t let them.

Ways to identify investment scams. It can be difficult to separate real investment opportunities from fraudulent ones, but there are key things to look out for:

1. You are approached about investing without showing the supposed company prior interest. Scammers know human psychology, and if you thought about investing but didn’t actually attempt anything yourself, they know how to reel you in. Rejecting all potential investment calls if you haven’t shown them prior interest is the way to go.
2. There’s no information about the supposedly successful company. The website might look great and even post videos and keynote speeches. But if there are no discussions about it in forums like Reddit and no references to it by publications, then it’s probably a scam. Do not trust social media sites – they can have bots comment on their posts and stop legitimate warnings.
3. If you do get involved – start small. It’s worth noting that you should never transfer any funds to any accounts. This advice is only related to elaborate scams that have their own websites and investment platforms. If you are tempted by a platform, invest a small amount, and then try to withdraw it. If it poses impossible hurdles – that’s your cue to stop.

Romance scam

How it works. This type of scam is the most difficult to persuade the victims to cut ties with. Morally, it’s beyond reprehensible because these scams rely entirely on the emotional connection the victims form with their fraudsters. I personally know of a case where the bank was not able to persuade an elderly man that his wealthy foreign girlfriend is a scammer – he still sent thousands of euros, believing that he’s helping his loved one out. These types of scams can affect anyone, of any age.

The time it takes for romance scammers to start asking for money is also significantly longer than most other types of scams. Their main targets are lonely people of at least middle-class backgrounds. While seniors are a popular target, people of all ages can be affected by it – scammers are very adaptable to their target’s background. Once the victim is emotionally invested, scammers will begin to ask for money for travel to meet the victim (which never happens), to solve some personal troubles, or as an enticing investment opportunity.

Ways to identify romance scams. It’s really difficult to identify these types of scams, as victims are usually in too deep emotionally by the time money requests begin. At first, it may seem like a genuine connection over social media. Scammers can even use fake videos/images or AI video call filters to prove their legitimacy. Some simplistic romance scams can involve scammers pretending to be in the military, as it helps them avoid video calls and in-person meetings. While love is blind, following a set of rules can help avoid being scammed:

1. Try to arrange in-person or impromptu video calls as soon as possible. If you’re forming a connection with someone online, ask if they’re home and call them randomly. If, for some reason, they’re never able to quickly pick up – that’s a red flag. Meeting in person early on is also important, but if they live far away, never pay for their travel expenses.
2. Come up with excuses why you can’t give them money. Sooner or later, scammers will always ask for money. Come up with some excuse why you can’t help them out or can’t invest in their scheme. Not even $10 or less. If suddenly their interest fades – you’ll know that it was never real, but at least you’ll have all of your savings intact.
3. Don’t be afraid to question them. Most of the time, scammers would try to brag about how well they live. They might show you their house or car, talk about their successful business, and other valuables to try to persuade potential victims that they are well-off. Eventually, they’ll start asking to invest in some scheme – simply state that you’re not interested. They might also claim to have fallen on hard times, in which case, suggest that they sell those valuables that they bragged about to pay for travel expenses and come live with you. I guarantee they won’t show up at your door.

Hotel/travel scam

How it works. I personally looked at a fair share of holiday deals, thinking how great it would be to visit faraway places for a fraction of the normal cost. After all, who doesn’t love a good deal? Well, scammers know that, and they’ve made themselves quite comfy in the hotel/travel scheme. There are several ways they bait people into getting scammed: create fake hotel/flight listings, send out phishing emails to confirm registration or claim refunds, create whole fake travel agencies, or even use similar domains to impersonate legitimate sites.

Ways to identify hotel/travel scams. There are a few practices you can adopt to avoid becoming a victim of a travel scam:

• If it’s too good to be true… Well, you know the answer to that. While not impossible, it’s highly unlikely that flights halfway across the world would cost as much as a restaurant meal. Nor would a 5-star resort package holiday cost less than $100 total. It’s good to chase deals, but be reasonable about what’s possible in the current economic climate.
• Avoid unknown travel agencies. Sure, there could be some up-and-comers in the industry, but don’t invest more in them than you would care to lose. Established agencies are here for a reason – it means they have years of reliability under their belts.
• Always double-check the website. Since fraudsters can create similar domain websites that would look exactly the same, make sure you have the right website before you make any online payments. A sponsored tag isn’t always an indicator either – I’ve seen scam websites outrank legitimate ones in Google search simply because they were sponsored.
• Don’t rush to claim refunds. Check that the email that sent you reservation changes or cancellations is the same as the one that sent you flight/hotel information when you first booked it. If the link asks you to enter personal details, double-check through the travel app or the official website whether travel circumstances actually changed.

Movie/publishing scam

How it works. This scam targets creative people and those who may have wished for years for their work to be acknowledged. Scammers approach writers claiming to be a studio representative (using legitimate-looking contacts or even real studio logos), saying that they want to adapt the writer’s book into a feature film. Of course, the writer is supposed to cover some “minimal” costs. Naturally, once the scammers get paid, there’s no movie ever made.

Budding writers are also a target. Scammers pretend to be representatives from a publishing house or use fake websites that wannabe authors confuse for legitimate publishers and submit their work to, promising to release the book. They always sound very authoritative and competent, even capable of drafting preliminary contracts. Of course, they would demand that the person contribute financially.

Trust me, as someone who’s just gone through the publishing process: they pay you, not the other way around. They will probably never pay you thousands of dollars upon signing the contract, but they would never ask you for money.

Ways to identify movie/publishing scams. If you’re familiar with publishing procedures in some way, these scams are not difficult to identify. Here are the key things to look out for to avoid these types of scams:

• Unless you reached out first – it’s a scam. If you only thought of a book idea but never actually contacted any publishing houses, there’s no reason for their representatives to telepathically read your expectations and call you first. The only exception to this is if you’re an established author and there’s a legitimate interest in adapting your book to the big screen, but in that case, follow the next guidelines.
• They ask you to cover some costs. They might present it as a very reasonable request, giving you all kinds of logical details, but the fact remains – legitimate studios/publishers do not ask for money. Ever. The only exception is self-publishing, but then you don’t need a publishing house for that.
• Contacting legitimate corporations shows no prior communication. Sometimes scammers pretend to be from famous studios and publishing houses, like Penguin. But if you were to contact them directly about the deal you’ve been discussing with their representatives, and they do not respond or respond claiming no prior knowledge – it’s immediate proof of fraudulent activity.

Phishing

How it works. These types of scams are worth their own section. Modern phishing is so elaborate that even Jim Browning, near-legendary scam-baiter and hacker, once fell for one. Phishing is the reason why whole corporations get massive data leaks. Essentially, if you’re a human and ever use the internet, you can become a victim of phishing.

Phishing can take many forms, as discussed previously, but the main ones circulate via email and social media. Sometimes, the danger is only present when you enter personal or payment details. Other times, simply opening a website is enough for your device to be compromised.

Ways to identify phishing. Simple phishing is easier to spot: the links are weird and full of letters and numbers rather than normal domains. Emails would have grammatical errors. They tend to be vague, like “Check this out” or “Can you fact-check this form? I need your advice on it.” However, modern, AI-driven phishing is harder to spot. Nevertheless, there are signs:

1. Double-check with the sender separately. AI can scrape public info (like your name, job, or recent activity) to craft emails that feel eerily accurate. Be wary of messages that know things you didn’t share directly with the sender, especially if they're asking for action. Use SMS to respond to the social media message, or message your colleague/email them separately to double-check if they really need the information requested.
2. Hover over the links. Modern website link modification can be very subtle. Hovering over links can show some signs that they could be fraudulent. For example, paypal.com would have a capital i instead of L. There could also be links placed on QR codes or buttons.
3. Confirm sender identity. ​​AI-driven scams can mimic company branding perfectly. But email addresses are often slightly off. Check domain endings like “@support-amazon.help” instead of “@amazon.com.”
4. Take your time. Work can be stressful. But a company-wide data breach would be even more stressful. Don’t get pressured by time-sensitive stressors, and take your time with them.
5. Unusual requests. You got a password change email despite not attempting to change your passwords? Received an “Updated invoice” attachment? Ignore or report to your workplace’s security department.
6. Avoidance is not always the best defense. Sometimes, falling for elaborate phishing attempts can be unavoidable. To prepare for those circumstances, safeguard your device in advance. Enabling multi-factor authentication, never clicking on links from unknown sources, and double-checking with legitimate senders can be ways to protect yourself from damaging phishing effects.

Other types of scams

Scammers are constantly innovating, so there is a whole variety of different types of scams. Below is a brief list of other common modern scams.

Type of scam	Brief description
IRS/utility/law enforcement	Scammers pretend to be IRS agents threatening arrest, power company employees threatening to cut off utilities unless paid, or law enforcement figures demanding to pay a fine.
Lottery/prize	Fraudsters will claim that you’ve won the lottery or a prize, but demand to pay some fees to receive it.
Warranty	“We’re calling to discuss your extended warranty” type of scams.
Government Grant schemes/Social Security	Scammers claim that you qualify for a government grant, but demand to pay a fee.
Job offer	Fake job offers that require payment for training or equipment.
Charity	Fake charities demand donations, but they’re not officially registered.
Sextortion	Scammers illegally obtain private files or trick a potential victim into sending those willingly to then threaten to expose the victim if not paid money.
Fake products	Scammers selling products that do not exist.

What is vishing and smishing

Vishing and smishing are types of phishing, but vishing is conducted through voice calls, while smishing is done via SMS. Examples of all three would be:

• A suspicious email from your colleague full of grammatical errors, requesting that you open a link – that’s phishing. I once fell for a phishing attempt when someone I know had their social media account hacked and sent me an ordinary-looking message asking me to check the website out.
• A member of the police calls you saying that you have unpaid parking fines and you should transfer money ASAP – that’s vishing. AI can be used to record people’s voices during a simplified scam call to then target their colleagues or family members. My cybersecurity colleague almost fell for it once, claiming that everything, from voice to request, seemed very ordinary.
• You get an SMS from your bank asking you to log into your account, but the link is not your bank’s actual website – that’s smishing. I got these once or twice, usually attempting to get me to log into a website to claim my parcel (despite not having ordered anything).

What to do if you/someone you know already fell for a scam

A lot of times, people refuse to ask for help because they find the fact that they fell for a scam embarrassing. However, there’s nothing to be ashamed about. Scammers are experts at social engineering and can be very clever/persuasive. So, if you suspect that you may have fallen for a scam, speed is of the essence.

First, contact local authorities or even the FBI, they can help you in separating from scammer’s clutches. Next, contact your bank and make sure they stop all transfers or suspicious activities. Finally, change passwords for all your personal accounts using a reliable device. It’s important to use a different device from the one scammers got access to. You should also expect to never see your money again. Claiming it back from scammers who may be thousands of miles away is virtually impossible.

If someone dear to you has been involved in a scam, it’s important to be supportive. Do not try to criticize them, even if they are being unreasonably stubborn. Ask questions that would make them rethink the situation. Involve authorities who could explain the situation to your loved one from a position of authority. You can let them read this or other articles about a specific scam they’re involved in so they can come to their own conclusions. Finally, once they see that they might have been scammed, help them secure their finances and accounts. Changing email addresses or phone numbers should also be considered.

Final thoughts

Anyone nowadays can become a victim of a scam. And it’s not just people the elderly – Gen Z is known to be even more susceptible to scams than Baby Boomers. It’s not surprising either. With AI technology, scammers can recreate whole websites or even steal your voice for imitation. Phishing links can be practically indistinguishable from genuine ones. However, knowing what to expect and being aware of the signs can help reduce the risk of becoming a victim to a scam.

While scammers claimed over $12 billion from their victims in the US in 2024 alone, the future seems promising for minimizing the risks. Apple iOS 26 added voicemail spam reporting, and Hiya launched an AI assistant that should filter scam and deepfakes. Email and software companies are also not far behind, gradually improving their spam detection. Governments also hate scammers, so call centers are regularly raided and sometimes completely shut down. So, with this sort of help and your own vigilance, it’s possible to avoid falling even for modern scams.