Advanced Guide to Online Scams & Threats

Navigating the New Wave of Online Scams

Online scams are increasing at an alarming rate, fueled by the rapid advancement and accessibility of artificial intelligence. These tools allow fraudsters to create highly convincing fake content, from emails to voice clones, at a massive scale. According to the Global Anti-Scam Alliance, scammers stole over $1 trillion globally in the last year. In the U.S. alone, the FTC reported that consumers lost over $12.5 billion to fraud in 2024. The problem is acute everywhere; in just the first six weeks of 2025, victims in Singapore lost over S$32.6 million to investment scams alone, highlighting the urgent need for awareness and robust safety practices.

Modern Scam Tactics Explained

🤖 AI-Powered Deception

Scammers use AI voice cloning and deepfakes to impersonate loved ones in distress or executives authorizing fraudulent payments.

🐷 Pig Butchering Scams

A long con in which scammers build deep relationships before convincing victims to "invest" in fraudulent crypto or trading platforms.

✅ Task-Based Scams

Victims are offered easy money for simple tasks. After small payouts, they are lured into making large deposits for "premium" tasks and then lose their money.

🎣 QR Code Phishing

Malicious QR codes on posters or menus lead to fake websites that harvest credentials or install malware.

👵 Grandparent/Emergency Scams

Scammers pose as a grandchild or other relative in urgent need of money for an emergency, creating panic to bypass critical thinking.

💻 Tech Support Scams

Fake pop-up warnings claim a device is infected, tricking users into calling a fake helpline and paying for useless services or granting remote access.

🏒 Government Impersonation

Scammers pose as officials from tax agencies or law enforcement, demanding immediate payment to avoid fines or arrest.

💳 Gift Card Payment Scams

Fraudsters demand payment via gift cards for fake debts or fees, as they are largely untraceable and function like cash.

Anatomy of a Modern Scam

1. Reconnaissance & Targeting

Scammers scrape public social media profiles, data breach dumps, and platform directories to build profiles of potential victims, identifying vulnerabilities and interests.

2. The Hook & Social Engineering

Contact is initiated using a tailored pretext (a wrong number text, a job offer, a fake security alert). The goal is to establish an emotional connection: trust, fear, greed, or romance.

3. Isolation & Escalation

Victims are moved from a public platform to a private, encrypted channel (like WhatsApp or Telegram) to evade detection and cut them off from support networks.

4. Monetization (The "Ask")

The scam culminates in the request for money, credentials, or gift cards. In investment scams, this may involve multiple escalating payments.

5. Disappearance & Laundering

Once the goal is achieved, the scammer vanishes. The stolen funds are quickly moved through a complex web of accounts or cryptocurrency tumblers to obscure their origin.

Understanding the Spectrum of Online Harms

📉 Short-Tail Harms

High-frequency, lower-severity issues often handled by automated systems.

  • Examples: Spam, generic phishing links, low-quality comments, keyword-based hate speech.
  • How It's Evolving: Generative AI is making short-tail harms more sophisticated. Spam emails are now grammatically perfect, and phishing sites are generated flawlessly, making them harder for both users and simple filters to detect.

📈 Long-Tail Harms

Low-frequency, high-severity issues requiring expert human investigation.

  • Examples: Coordinated Inauthentic Behavior, complex fraud rings, human trafficking, child sexual abuse material (CSAM), targeted harassment campaigns.
  • How It's Evolving: These harms are now deeply cross-platform. A fraud ring might recruit on one platform, communicate on another, and cash out on a third. This requires complex, multi-platform investigations and collaboration between T&S teams.

The Robust Trust & Safety Operating Model

The Signal Engine: Identifying Threats

Combine technical signals with behavioral analysis to proactively identify scams before they cause widespread harm.

  • Behavioral Analysis: Detect patterns indicative of scams. For Pig Butchering, this includes monitoring for one-sided, high-volume messaging from new accounts and flagging conversations that quickly suggest moving to off-platform chat apps.
  • Content & Media Analysis: Use AI to scan for known malicious content. For AI Deception, employ synthetic media detectors on video uploads. For Quishing (QR code phishing), run image analysis on QR codes to check for redirects to known malicious domains.
  • Transactional Analysis: Monitor for suspicious financial patterns. For Task-Based Scams, flag accounts that receive many small payments from a "business" and then make a single large payment back to it.
  • Account-Level Heuristics: Build risk scores for accounts. For Impersonation, flag accounts created with slight misspellings of official brands or those that upload logos of well-known entities shortly after creation.
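
The behavioral signals in the first bullet can be combined into a simple review rule. This is an added example, not code from the original page; the thresholds, the `Message` type, and the signal names are assumptions made for illustration, and the sample conversations are constructed.

```python
import re
from dataclasses import dataclass

# Assumed thresholds for illustration only; tune them on your own labelled data.
NEW_ACCOUNT_DAYS = 14     # "new account" cut-off
MIN_MESSAGES = 10         # ignore very short conversations
ONE_SIDED_RATIO = 0.8     # share of messages sent by the initiator
EARLY_WINDOW = 20         # a pivot only counts within the first N messages

# Apps named on this page; extend with whatever your platform sees in practice.
OFF_PLATFORM = re.compile(r"\b(whats\s?app|telegram)\b", re.IGNORECASE)


@dataclass
class Message:
    sender: str
    text: str


def score_conversation(messages, initiator, account_age_days):
    """Return the list of signals the initiator's behaviour triggers."""
    signals = []
    if account_age_days <= NEW_ACCOUNT_DAYS:
        signals.append("new_account")
    sent = sum(1 for m in messages if m.sender == initiator)
    if len(messages) >= MIN_MESSAGES and sent / len(messages) >= ONE_SIDED_RATIO:
        signals.append("one_sided_high_volume")
    for m in messages[:EARLY_WINDOW]:
        if m.sender == initiator and OFF_PLATFORM.search(m.text):
            signals.append("early_off_platform_pivot")
            break
    return signals


def needs_review(signals):
    """Queue for human review only when a new account shows a second signal."""
    return "new_account" in signals and len(signals) >= 2


# Constructed sample conversations (not real data).
SUSPECT = [Message("acct_new", f"message {i}") for i in range(9)]
SUSPECT.insert(3, Message("victim", "who is this?"))
SUSPECT.append(Message("acct_new", "Let's continue on Telegram, it's easier"))
BENIGN = [Message("alice" if i % 2 else "bob", "see you on telegram?") for i in range(12)]
```

Requiring the new-account signal plus a second one keeps an established user who merely mentions a chat app out of the review queue.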

The Action Hub: Neutralizing Active Threats

Act swiftly and decisively to minimize harm to users and dismantle scammer infrastructure on your platform.

  • Rapid Enforcement & Network Takedowns: When a scam account is confirmed, use link analysis (shared IPs, device IDs, login patterns) to identify and mass-suspend the entire scammer network, not just the reported account.
  • Victim Support & Remediation: Implement a "scam alert" system. Proactively notify users who have interacted with a now-banned scam account, providing them with educational resources and steps to secure their account.
  • Asset Freezing & Recovery Collaboration: For platforms with financial components, establish protocols to temporarily freeze funds associated with confirmed scam activity and collaborate with payment processors and law enforcement to aid in recovery efforts.
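
Link analysis as described in the first bullet amounts to clustering accounts that share identifiers. The following is an added example, not part of the original page; the login tuple format and the `MAX_FANOUT` cut-off are assumptions, and the sample logins are constructed.

```python
from collections import defaultdict

# Assumption: an identifier seen on more accounts than this is treated as shared
# infrastructure (carrier NAT, campus Wi-Fi) and is not used as a link.
MAX_FANOUT = 5


def build_clusters(logins):
    """logins: iterable of (account, kind, value), e.g. ("a1", "device", "d-77").
    Returns a dict mapping each account to its cluster representative."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x

    by_identifier = defaultdict(set)
    for account, kind, value in logins:
        find(account)                       # register every account
        by_identifier[(kind, value)].add(account)

    for accounts in by_identifier.values():
        if len(accounts) > MAX_FANOUT:      # too common to count as evidence
            continue
        first, *rest = sorted(accounts)
        for other in rest:
            parent[find(other)] = find(first)
    return {a: find(a) for a in list(parent)}


def linked_accounts(logins, confirmed):
    """All accounts in the same cluster as the confirmed scam account."""
    roots = build_clusters(logins)
    return sorted(a for a, r in roots.items() if r == roots[confirmed])


# Constructed sample: three linked accounts, plus one busy shared IP.
LOGINS = [("scam1", "device", "d-77"), ("scam2", "device", "d-77"),
          ("scam2", "ip", "203.0.113.9"), ("scam3", "ip", "203.0.113.9")]
LOGINS += [(f"user{i}", "ip", "198.51.100.1") for i in range(6)]
LOGINS += [("scam3", "ip", "198.51.100.1")]
```

The fan-out cut-off is what stops the six unrelated users on the shared IP from being pulled into the network alongside `scam3`.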

The Hardening Layer: Long-Term Prevention

Make the platform an unattractive and difficult target for scammers through strategic product design and user education.

  • Strategic Friction (Safety by Design): Introduce "speed bumps" for risky actions. Examples: Limit the number of DMs a new account can send in its first 24 hours. Display a large warning interstitial when a user clicks a link that leads off-platform.
  • Just-in-Time Education: Deliver targeted, context-aware warnings. If a user receives a message containing keywords associated with investment scams, trigger a pop-up with a brief guide on how to spot them.
  • Ecosystem Collaboration & Intelligence Sharing: Actively participate in industry groups to share hashed threat data (e.g., malicious domains, scammer wallet addresses). Collaborate with telecom providers to report numbers used in smishing campaigns.
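
For the intelligence-sharing bullet, every member must derive the same token for the same domain, which means normalising before hashing. This added example (not from the original page) assumes the group exchanges HMAC tokens under a shared key, named `GROUP_KEY` here, rather than plain hashes; all names and sample domains are constructed.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Hypothetical key, distributed out of band to members of the sharing group.
GROUP_KEY = b"example-only-shared-key"


def normalise_domain(value):
    """Reduce a URL or hostname to one canonical form so that every member
    derives the same token for the same domain."""
    value = value.strip()
    host = urlsplit(value if "://" in value else "//" + value).hostname or ""
    host = host.rstrip(".")                      # drop a trailing root dot
    return host.encode("idna").decode("ascii")   # Unicode labels -> punycode


def token(domain):
    """Keyed hash of the normalised domain. A plain SHA-256 of a domain can be
    matched by hashing a list of candidate domains, so a group key is used."""
    msg = normalise_domain(domain).encode("ascii")
    return hmac.new(GROUP_KEY, msg, hashlib.sha256).hexdigest()


def matches_shared_list(url, shared_tokens):
    """True if the URL's host appears in the set of tokens received from peers."""
    return token(url) in shared_tokens


# Constructed sample: one token received from another member of the group.
SHARED = {token("scam-invest.example")}
```

The same lookup can be applied to the URL decoded from a QR code or to an off-platform link before the warning interstitial is shown.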

Your Personal Security Checklist

⭐

The Golden Rules (For Everyone)

  • Practice the A.C.T. Method: A simple way to remember how to react.
    • Acknowledge the pressure. Scammers want you to act fast without thinking. Pause.
    • Contact the person or company through a separate, trusted channel.
    • Think before you click or pay. If it feels wrong, it probably is.
  • Enable Two-Factor Authentication (2FA): This is your digital seatbelt. It adds a second layer of security (like a code sent to your phone) that stops scammers even if they steal your password.
  • Use a Password Manager: It's impossible to remember strong, unique passwords for every site. A password manager does it for you, creating and storing them securely.

📱 For the Socially Connected

  • Digital Stranger Danger: An online friend is still a stranger. Be wary of anyone who quickly asks for personal information, money, or intimate photos.
  • Perform Regular Privacy Check-ups: On platforms like Instagram, TikTok, and Facebook, review who can see your posts and information. Limit your audience to people you know and trust in real life.
  • Beware of Sextortion: Scammers will threaten to share fake or real intimate images to extort money. Never send such images, and if you are threatened, immediately tell a trusted adult and report the account to the platform and authorities.

👨‍👩‍👧‍👦 For Families & Older Adults

  • Establish a Family 'Safe Word': For urgent money requests, agree on a secret word or question that only your family knows. If the caller doesn't know it, it's a scam. This defeats AI voice cloning.
  • Never Grant Remote Access: No legitimate company will call you and ask for remote access to your computer. If you get a pop-up or call about a virus, hang up or shut down the computer. Contact a trusted local technician if you are concerned.
  • Recognize Illegitimate Payment Methods: Government agencies (like the IRS or police) and legitimate companies will never demand payment via gift cards, wire transfers, or cryptocurrency. This is the #1 red flag of a scam.


© www.trustandsafety.xyz | Vejeps Ephi Kingsly

The views expressed on this blog are my own and do not reflect the views of any organization.
