Google on Thursday revealed that the rip-off defenses constructed into Android safeguard customers all over the world from greater than 10 billion suspected malicious calls and messages each month.
The tech big additionally stated it has blocked over 100 million suspicious numbers from utilizing Wealthy Communication Companies (RCS), an evolution of the SMS protocol, thereby stopping scams earlier than they may even be despatched.
In recent times, the corporate has adopted numerous safeguards to fight cellphone name scams and mechanically filter identified spam utilizing on-device synthetic intelligence and transfer them mechanically to the “spam & blocked” folder within the Google Messages app for Android.
Earlier this month, Google additionally globally rolled out safer hyperlinks in Google Messages, warning customers after they try and click on on any URLs in a message flagged as spam and step them visiting the doubtless dangerous web site, until the message is marked as “not spam.”
Google stated its evaluation of user-submitted experiences in August 2025 discovered employment fraud to be essentially the most prevalent rip-off class, the place people looking for work are lured with faux alternatives as a way to steal their private and monetary data.
One other outstanding class pertains to financially-motivated scams that revolve round bogus unpaid payments, subscriptions, and charges, in addition to fraudulent funding schemes. Additionally noticed to a lesser extent are scams associated to bundle deliveries, authorities company impersonation, romance, and technical assist scams.
In an fascinating twist, Google stated it has more and more witnessed rip-off messages arrive within the type of a gaggle chat with quite a lot of potential victims, versus sending them a direct message.
“This shift might have occurred as a result of group messages can really feel much less suspicious to recipients, significantly when a scammer features a fellow scammer within the group to validate the preliminary message and make it look like a professional dialog,” Google stated.
The corporate’s evaluation additionally discovered that the malicious messages stick with a “distinct every day and weekly schedule,” with the exercise commencing round 5 a.m. PT within the U.S., earlier than peaking between 8 a.m. and 10 a.m. PT. The best quantity of fraudulent messages is usually despatched on Mondays, coinciding with the beginning of the workday, when recipients are more likely to be the busiest and fewer cautious of incoming messages.
A few of the frequent elements that tie these scams collectively are that they start with a “Spray and Pray” method by casting a large web in hopes of reeling in a small fraction of victims by inducing a false sense of urgency by means of lures associated to topical occasions, bundle supply notifications, or toll expenses.
The intention is to hurry potential targets into appearing on the message with out pondering an excessive amount of, inflicting them to click on on malicious hyperlinks which can be usually shortened utilizing URL shorteners to masks harmful web sites and in the end steal their data.
Alternatively, scams also can embrace what’s referred to as as “Bait and Wait,” which refers to a extra calculated, personalised concentrating on methodology the place the menace actor establishes rapport with a goal over time earlier than going for the kill. Scams like romance baiting (aka pig butchering) fall into this class.
 |
| Prime three rip-off classes |
“The scammer engages you in an extended dialog, pretending to be a recruiter or outdated pal,” Google defined. “They could even embrace private particulars gathered from public web sites like your title or job title, all designed to construct belief. The ways are extra affected person, aiming to maximise monetary loss over time.”
Whatever the high-pressure or slow-moving tactic employed, the tip purpose stays the identical: to steal data or cash from unsuspecting customers, whose particulars, reminiscent of cellphone numbers, are sometimes procured from darkish net marketplaces that promote knowledge stolen from security breaches.
The operation can also be supported by suppliers that present the mandatory {hardware} for working cellphone and SIM farms which can be used to blast smishing messages at scale, Phishing-as-a-Service (PhaaS) kits that ship a turnkey resolution to reap credentials and monetary data and handle the campaigns, and third-party bulk messaging providers to distribute the messages themselves.
“[The messaging services] are the distribution engine that connects the scammer’s infrastructure and goal lists to the tip sufferer, delivering the malicious hyperlinks that result in the PhaaS-hosted web sites,” Google stated.
The search behemoth additionally described the rip-off message panorama as extremely unstable, the place fraudsters search to buy SIM playing cards in bulk from markets that current the fewest obstacles.
“Whereas it could seem that waves of scams are shifting between nations, this fixed churn doesn’t suggest scammers are bodily
relocating,” it added. “As soon as enforcement tightens in a single space, they merely pivot to a different, making a perpetual cycle of shifting hotspots.”
“Whereas it could seem that waves of scams are shifting between nations, this fixed churn doesn’t suggest scammers are bodily relocating,” it added. “As soon as enforcement tightens in a single space, they merely pivot to a different, making a perpetual cycle of shifting hotspots.”
