A new way we’re helping others track frauds and scams online
Scams have been increasing in volume and complexity. They are often carried out by transnational crime organizations: bad actors who operate at scale, constantly adapt their methods, and combine online and offline activity to lure people into their fraudulent schemes.
Our Trust & Safety (T&S) teams at Google are responsible for tracking and fighting scams, and sharing our observations and the information we glean with others — to protect the public and broader digital ecosystem.
To raise awareness about the risks, and to share the latest tactics used by scammers and criminals, we’re launching a regular online fraud and scams advisory. To start, here are five recent scam trends:
1. Realistic public figure impersonation campaigns
The rise of accessible deepfake technology has enabled scammers to create sometimes-convincing public figure impersonation campaigns. These schemes often misuse multiple tools — including AI — to generate content that impersonates public figures across platforms with a view to leveraging their credibility and reach. These impersonations often promote fraudulent offerings ranging from high-return investments to fake giveaways and harmful apps. These scams are complex, blending traditional impersonation and investment fraud, while attempting to exploit multiple products as part of a single campaign.
In 2024, we updated our Misrepresentation Policy to address public figure impersonation scams in Google Ads, and when we find violations of this policy, we suspend Google Ads accounts. YouTube has long-standing policies prohibiting technically manipulated content that misleads viewers and may pose a serious risk of egregious harm. And, we develop open tools like SynthID to watermark and identify AI-generated content.
Safety Tip: Look out for unnatural expressions in the content you see or strange promotions from public figures. Deepfakes often have trouble making faces look totally natural which can be a first indicator of synthetic content.
2. Crypto investment schemes
Our teams have also seen fraud and scams related to crypto investment schemes with promises of too-good-to-be-true returns. These scams sometimes leverage hyper-realistic impersonation, with videos or images appearing to imply affiliation with a trusted public figure, app or brand. Many of these schemes originate from organized crime entities outside the country where victims are based, presenting a challenge for law enforcement.
Google has robust policies aimed at combating crypto investment scams, and more broadly, protecting users from financial harm. These policies include dedicated policies and enforcement processes covering advertising and app distribution.
Safety Tip: Be skeptical of any investment that promises guaranteed or extremely high returns with little or no risk. If it sounds too good to be true, it probably is.
3. App and landing page cloning
App and landing page clone scams deceive users by directing them to landing pages that differ from their intended destination but closely resemble the trusted brand’s web page or app. These deceptive pages often mimic the appearance of legitimate websites to trick users into divulging personal information, downloading malware or making fraudulent purchases. Tech support scams are a frequent tactic used by these scammers. Scammers create fake landing pages that closely mimic official customer support sites, tricking users into providing sensitive information or making payments for non-existent services.
In recent months, employee and third-party services login portals have become a prime target for scammers. Bad actors create deceptive replicas of legitimate login pages to trick employees into divulging their sensitive credentials — a technique historically used by cyber criminals to gain access to corporate environments. By exploiting the trust employees have in their company's login process, scammers can gain unauthorized access to internal systems, potentially leading to data breaches, financial loss and reputational damage.
This behavior violates our social engineering (phishing and deceptive sites) policy. We also restrict ads globally from third-party technical support providers, and we don’t allow impersonating apps.
Safety tip: Always try to find information on a company's official website. It’s important to be wary of information from unofficial sources, and look closely for subtle misspellings, strange formatting, unusual fonts or random emojis — these could be red flags for a fake site. Before diving into a website, use Google's "About this result" feature (those three dots next to a search result). It gives valuable insights about the source which can help you see whether it is a legitimate landing page.
4. Landing page cloaking
Scammers are using deceptive tactics like cloaking to present different content to Google compared to what a user sees. Cloaking is specifically designed to prevent moderation systems and teams from reviewing policy-violating content which enables them to deploy the scam directly to users. The landing pages often mimic well-known sites and create a sense of urgency to manipulate users into purchasing counterfeit products or unrealistic products.
Additionally, we’ve seen a cloaking trend that redirects users via tracking templates. Scammers often use tracking templates to redirect users clicking an ad to scareware sites. The scareware tactics trick the users to believe that their computers are infected with malware or their operating system is blocked due to questionable activity, and lead them to customer support sites ultimately tricking users to provide sensitive information.
Google has dedicated policies prohibiting landing page cloaking and we have policies on Ads prohibiting systems which are designed to circumvent our policies.
Safety tip: Take note of the URL displayed to you before you click, then double check the landing page you ended up on to be sure it is exactly the same. You should also enable Enhanced Protection on Chrome.
5. Exploitation of major events
Malicious actors are not only misusing AI to conduct new types of scams, but also to enhance well-established fraud techniques, such as those exploiting significant events. Scammers frequently target elections, popular shows, sporting events, and humanitarian disasters with scams and fraudulent campaigns promoting fake products and services. By using AI tools, scammers are able to respond quickly to breaking news, making fraudulent appeals seem more credible and timely.
Recent examples of this type of scam include the April solar eclipse which triggered a surge in scams, with scammers exploiting the event by promoting deceptive products, including products falsely claiming affiliation with NASA. Scams related to natural disasters have also been common throughout the year, for example fake charities aiming to defraud people seeking to contribute to relief efforts.
Google has dedicated sensitive events policies including for Ads, monetizing on YouTube and Play which prohibit products or services that exploit, dismiss, or condone the sensitive event, or that use keywords around a sensitive event in an attempt to drive traffic.
Safety Tip: Make donations and purchases only through established platforms and verified websites when a major event occurs.
Our ongoing commitment to user safety
Preventing user harm from malicious scams requires effective cooperation across the online ecosystem. Bad actors are constantly evolving their tactics and techniques. And we’re sharpening our detection and enforcement techniques to meet these threats, enhancing our proactive capabilities, and ensuring we have robust and fair policies in place to protect people. We are committed to keeping users and the ecosystem informed and updated on the latest trends and techniques. You can report scams on our platforms on our help center.
