Technology is ever-changing, and so are cybercriminals’ strategies. “Educating our customers on the latest trends in security and fraud scams is just one of the many ways we live up to our commitment to being a financial ally,” says Lindsay Sacknoff, head of consumer banking at Ally. “Scams can change quickly, and it’s important to help our customers understand what to watch for in this evolving landscape.”
What can you do to help protect yourself? Start by testing your knowledge, then read on to stay up to date on the latest cyber threats.
Types of scams
Watch out for the warning signs of new and trending scams:
1. Vishing and voice clone scams are on the rise
Voice phishing, also known as vishing, is when scammers replicate harvested voice samples from social media, podcasts and public recordings using AI. They then call you mimicking someone you know and trust in an attempt to obtain personal information.
How to spot vishing
To protect yourself from vishing scams:
Be wary of unexpected requests for money or personal information
Do not trust caller ID
If an alleged loved one calls frantically asking for money, hang up and call the person directly using trusted contact information
Create a safe word that only you and your close family know
2. Phone scams: Smishing and SIM swapping
Smishing, or SMS phishing, is when a cybercriminal sends a text pretending to be someone you know, or a legitimate company. These often include a fraudulent link asking you to confirm information. Another way hackers exploit your smartphone is by SIM swapping, or tricking your phone carrier into transferring your phone number to a new SIM card they control. Also be on the lookout for one time password (OTP) bots, which con people into sharing authentication codes received by text or email.
How to spot phone scams
To protect yourself from smishing scams
Don’t click links in unexpected texts – go to the site or app directly
Check the sender anytime you receive a message asking for sensitive information
Never share one-time codes (OTPs) or PINs, even if the request or requestor is adamant; hang up and call the company directly
Be wary of urgent messages that need you to react quickly
Add a carrier PIN or port-out lock with your mobile provider to block unauthorized SIM changes.
Report suspicious texts to your carrier and delete them.
3. Financial grooming: Pig butchering, crypto & investment scams
Pig-butchering scams are a form of financial grooming. Fraudsters build long-term trust, often posting as friends or romantic partners, then slowly lure victims into fake investment platforms. They may even show fabricated “profits” to convince victims to keep investing. It's a deeply manipulative and devastating crime that combines emotional exploitation with financial fraud.
How to spot investment scams
To protect yourself from crypto and investment scams:
Don’t respond to unsolicited texts or instant messages, even if they look friendly or accidental (“Hi, is this John?”)
Watch for emotional manipulation tactics and constant mentions of money or investment opportunities
Be wary of offers for a refund if you pay an upfront fee
Think twice if the crypto or other investment seems too good to be true — like a contest, prize or “early“ opportunity
4. Always verify: Payment app scams
Scammers can take advantage of third-party payment apps through common scenarios like accidental overpayments or fake fraud alerts. While you can usually contest an illegitimate payment with your bank, it’s more difficult to get a refund from a payment app.
How to spot payment app scams
To protect yourself from online payment scams:
Be wary if someone claims to have sent an “overpayment” to one of your payment apps and asks for a refund
Verify messages that look like they’re from the payment app company by checking your account through the app or website
5. Before you buy: Online marketplace scams
Criminals set up online stores or product listings to trick people into making purchases that either never arrive or are fake. Claims of low prices and hard-to-find items are often used to lure victims.
How to spot online marketplace scams
To protect yourself from online marketplace scams:
Always research retailers and be wary of customer reviews before buying
Be cautious with deals that seem too perfect
Shop from sites that accept secure payment methods
6. Fake jobs, real risk: Employment and work-from-home scams
Receive an unexpected communication like a text or email - claiming you can make big money working from home? If you inquire about the job, the fake employer asks for your sensitive personal information, then uses it to claim your identity.
How to spot employment scams:
To protect yourself from employment scams:
Research employers and look for legitimate employee reviews
Be cautious of any unsolicited employment offers
7. Check before you scan: QR code scams
Scammers create malicious QR codes, distributing them via email, social media or in public places. Scan the fraudulent code, and you’ll be redirected to a site that collects personal information or installs malware.
How to spot QR code scams
To protect yourself from QR code scams:
Only scan QR codes from trusted sources and be cautious of QR codes in unusual locations
Check for signs that a QR code has been tampered with, like a sticker covering the original code
Ensure your mobile device is up to date with the latest software
Use the camera capabilities that come with your mobile device, as many QR code scanner apps contain malware
Access the website directly instead of scanning the QR code
8. Tech support swap: Remote access scams
Fraudsters may pretend to be from a trusted company, like tech support, to gain remote access to your device. They buy ads or compromise legitimate sites, so when you visit, a pop-up is triggered. The pop-up advises you to call your computer’s tech support, which then instructs you to allow them to remote into your computer. Once in the "helpful" representative can log into your bank account and transfer your money, all while you’re locked out.
How to spot remote access scams
To help protect yourself from remote access scams:
Download and install Webroot® SecureAnywhere™ at no cost on up to three devices. While it won’t stop a remote access install, it will warn you about phishing sites and block malicious downloads
Never give an individual remote access to your devices unless you’re speaking with a verified support person
What to do if you’ve been scammed
Digital criminals employ sophisticated tactics to entice victims, so don’t be too hard on yourself. Instead, take action:
Act quickly by reporting the incident to relevant authorities
Contact your financial institution to report the fraud
Change any passwords and disable credit cards to cut off access to your accounts
Being aware and staying informed are your best defenses against digital fraud. Recognize the signs and know how to respond so you can protect yourself and your finances from these evolving threats.
Next in the series
