Hari Ravichadran, founder and CEO of the online safety product Aura, recently got a front-row seat to a sophisticated scam designed to turn him into a victim of fraud.
He and his team are regularly targeted by scammers, but this scheme was so well-conducted that it gave the normally skeptical Ravichadran pause.
The play went like this: A scammer seemingly stole someone's identity and used it to share a heart-wrenching story. The pretend victim claimed that the bank mistakenly wired Ravichadran her alleged family's down payment for their new home. They urgently wanted Ravichadran to wire back the money he supposedly received.
The would-be thief contacted not just Ravichadran, but also multiple company executives. The scammer communicated through what looked like a legitimate email address and social media profiles, and had accurate information for Ravichadran. They even invited him and his legal counsel to meet on Zoom with a bank employee in order to sort things out.
Ravichadran knew better than to reflexively trust what he'd been told. But, like most people, he also worried what might happen to the woman if she was telling the truth.
Of course, things quickly fell apart when his lawyer joined a Zoom call with the purported bank employee. The individual appeared on camera for a split second and the conversation eventually became nonsensical. The lawyer suspected they were speaking to an AI-powered deepfake.
Ravichadran says the attempt demonstrates just how savvy scammers have become. Unlike past generic efforts, schemes are now often very personal. That's because scammers may have access to information from data breaches as well as details available on social media or other public platforms, including where you work and the identity of your friends.
Scammers are also leveraging technology to reach people faster and more efficiently. They can now use auto-dialling software connected to an AI chatbot, complete with local or regional accent, to call your phone number.
In general, Ravichadran advises consumers to assume they're not being told the truth when assessing inquiries like the one he received.
"I think you go to it from a place of distrust," Ravichadran says. "If you go from a place of, 'Hey, this is probably true, let me see how to make it work,' you're going to get taken."
Ravichadran says technological advancements will be one of the defining features of how people are scammed in 2025. But bad actors have focused on certain types of fraud that are likely to become even more prevalent next year.
Here's what you need to know:
Cryptocurrency scams
If there's a way to steal people's money through a cryptocurrency scheme, thieves will find it. That's increasingly true as crypto becomes more mainstream and hits milestones, like Bitcoin passing the $100,000 mark, Nick Biasini, head of outreach for Cisco Talos Intelligence Group, says.
One well-established con is so-called "pig butchering," in which a scammer grooms someone digitally over a period of time and then asks them for crypto. (Interpol recently recommended abandoning that term and instead adopting the phrase "romance baiting," which carries less stigma.)
The scammers' alleged purposes vary from helping the victim invest in crypto to helping the scammer pay for fictitious costs, like medical care. These bad actors are typically looking to score a windfall over time or all at once; average losses are hundreds of thousands of dollars, according to the Internal Revenue Service.
Less well-known crypto scams revolve around confusion about the currency, says Biasini.
Newcomers to buying or investing in crypto might fall for a scam that starts on social media, when that individual asks for help learning more. Scammers are waiting for posts just like these and will reply with friendly offers that end in financial losses.
Bad actors also take advantage of people who've lost their money by posing as experts who can help them get it back. Their end game, though, is just the same: make off with more of the victim's cash.
Celebrity-backed crypto can be a dangerous investment, too. The recent Hawk Tuah memecoin pump-and-dump scheme demonstrated what happens when a famous person encourages their followers to purchase their memecoin. Insiders close to the celebrity, who bought the memecoin privately for less, sell it as soon as its price spikes, ultimately crashing the value.
Since crypto is rife with scam risk, Biasini recommends exploring the currency with the help of a certified professional who can help you safely invest in it. In general, it's best to stick with well-known exchanges, and avoid social media discussions about crypto in which you share any personal information or data.
Multifactor authentication scams
Multifactor authentication is a security measure designed to provide consumers with greater protection for their personal accounts. But Cisco Talos Threat Intelligence has noted more attempts to fraudulently bypass that security step.
Some criminals are attempting to do that by stealing cookies, or data sent by a website to your computer, that contain their login credentials and allow them to access a victim's email, according to a recent warning from the FBI Atlanta division.
Once the thieves are able to view the email account, they can try logging into that victim's various other online services, including bank and shopping accounts. When the services send the multifactor authentication code via email, the criminal will be able to use it.
The FBI Atlanta division encourages people to regularly clear their Internet browser cookies, consider the risks of checking "remember me" when logging into a website, and only visiting sites with a secure connection in order to prevent your data from being intercepted.
Criminals use other methods, including phishing, to relay mutlifactor authentication codes to themselves in order to access victims' financial and consumer accounts. Beware of digital messages and phone calls that ask you to provide critical login information that you would otherwise enter yourself.
Business phishing scams
Scams that target workplaces are on the rise, according to both Ravichadran and Biasini. Typically these efforts focus on higher-level employees, like the CEO or CFO. Much like Ravichadran experienced, the fraudulent requests involve urgently wiring money into the bad actor's account.
Biasini says that the emergence of large language models (LLMs), like the kind that power OpenAI's ChatGPT, have made it easier for scammers to create prompts that sound very convincing.
Ravichadran notes that these scams often leverage multiple channels of communication, like email and social media messaging. They may use stolen accounts, so that the bad actor appears to be legitimate. They've also typically collected enough information about their target that they're able to demonstrate some level of familiarity — and credibility.
These tactics are becoming widespread, which means employees have to be on guard for suspicious messages, and quickly report them to their information security teams.
AI-powered scams
LLMs and deepfake technology have given scammers frighteningly powerful tools.
With access to software that can essentially write scam scripts in seconds or minutes, and then can conduct a conversation as a chatbot with a victim in real-time, bad actors can rapidly scale their schemes to reach far more people than they could in the past.
Ravichadran says scammers can even program a chatbot to use a regional accent, a detail that could likely persuade a potential victim into handing over their personal data.
Bad actors can also use deepfake technology to create a vocal or visual clone of someone. If you think you're speaking to someone you know, or could look up online, it might be very difficult to remain skeptical of a scammer's story or their requests.
As this technology becomes more widely available, and easier to use, it'll make scams that much easier to execute.
How to protect yourself from scams
In addition to routinely approaching interactions involving your money and data with skepticism, Ravichadran recommends protecting yourself with basic steps, like changing your password if you know it's been breached, and taking advantage of a password manager in order to use complex phrases that you don't need to remember.
Ravichadran also suggests more sophisticated strategies, including using services that monitor your financial accounts and credit for signs of fraud and identity theft.
He adds that anyone can become a scam victim, despite the perception that bad actors typically target certain people, like seniors. Ravichadran has spoken to people with advanced degrees who are shocked that they were duped by a scammer.
Though many victims feel embarrassed and ashamed, he encourages people to share their experiences with others, and certainly report them to authorities so that investigators can pursue the criminals.
The FBI recommends reporting scams to law enforcement and to the FBI's Internet Crime Complaint Center. If you think you've been scammed by a registered business, you can also report suspected fraud to your state attorney general, the state in which the company is listed, and to the Federal Trade Commission.
Topics Social Good Social Media Money
