Google on Thursday revealed that the rip-off defenses constructed into Android safeguard customers around the globe from greater than 10 billion suspected malicious calls and messages each month.
The tech large additionally stated it has blocked over 100 million suspicious numbers from utilizing Wealthy Communication Providers (RCS), an evolution of the SMS protocol, thereby stopping scams earlier than they might even be despatched.
In recent times, the corporate has adopted varied safeguards to fight telephone name scams and routinely filter recognized spam utilizing on-device synthetic intelligence and transfer them routinely to the “spam & blocked” folder within the Google Messages app for Android.
Earlier this month, Google additionally globally rolled out safer hyperlinks in Google Messages, warning customers after they try and click on on any URLs in a message flagged as spam and step them visiting the possibly dangerous web site, until the message is marked as “not spam.”
Google stated its evaluation of user-submitted stories in August 2025 discovered employment fraud to be essentially the most prevalent rip-off class, the place people trying to find work are lured with faux alternatives to be able to steal their private and monetary info.
One other distinguished class pertains to financially-motivated scams that revolve round bogus unpaid payments, subscriptions, and charges, in addition to fraudulent funding schemes. Additionally noticed to a lesser extent are scams associated to package deal deliveries, authorities company impersonation, romance, and technical help scams.
In an fascinating twist, Google stated it has more and more witnessed rip-off messages arrive within the type of a gaggle chat with plenty of potential victims, versus sending them a direct message.
“This shift could have occurred as a result of group messages can really feel much less suspicious to recipients, notably when a scammer features a fellow scammer within the group to validate the preliminary message and make it seem like a professional dialog,” Google stated.
The corporate’s evaluation additionally discovered that the malicious messages keep on with a “distinct day by day and weekly schedule,” with the exercise commencing round 5 a.m. PT within the U.S., earlier than peaking between 8 a.m. and 10 a.m. PT. The very best quantity of fraudulent messages is often despatched on Mondays, coinciding with the beginning of the workday, when recipients are prone to be the busiest and fewer cautious of incoming messages.
A few of the widespread points that tie these scams collectively are that they start with a “Spray and Pray” strategy by casting a large web in hopes of reeling in a small fraction of victims by inducing a false sense of urgency by way of lures associated to topical occasions, package deal supply notifications, or toll costs.
The intention is to hurry potential targets into performing on the message with out pondering an excessive amount of, inflicting them to click on on malicious hyperlinks which can be usually shortened utilizing URL shorteners to masks harmful web sites and in the end steal their info.
Alternatively, scams also can embrace what’s known as as “Bait and Wait,” which refers to a extra calculated, personalised concentrating on technique the place the menace actor establishes rapport with a goal over time earlier than going for the kill. Scams like romance baiting (aka pig butchering) fall into this class.
Prime three rip-off classes
“The scammer engages you in an extended dialog, pretending to be a recruiter or previous buddy,” Google defined. “They might even embrace private particulars gathered from public web sites like your title or job title, all designed to construct belief. The ways are extra affected person, aiming to maximise monetary loss over time.”
Whatever the high-pressure or slow-moving tactic employed, the top aim stays the identical: to steal info or cash from unsuspecting customers, whose particulars, corresponding to telephone numbers, are sometimes procured from darkish net marketplaces that promote information stolen from safety breaches.
The operation can be supported by suppliers that present the required {hardware} for working telephone and SIM farms which can be used to blast smishing messages at scale, Phishing-as-a-Service (PhaaS) kits that ship a turnkey answer to reap credentials and monetary info and handle the campaigns, and third-party bulk messaging companies to distribute the messages themselves.
“[The messaging services] are the distribution engine that connects the scammer’s infrastructure and goal lists to the top sufferer, delivering the malicious hyperlinks that result in the PhaaS-hosted web sites,” Google stated.
The search behemoth additionally described the rip-off message panorama as extremely unstable, the place fraudsters search to buy SIM playing cards in bulk from markets that current the fewest obstacles.
“Whereas it could seem that waves of scams are shifting between nations, this fixed churn does not imply scammers are bodily
relocating,” it added. “As soon as enforcement tightens in a single space, they merely pivot to a different, making a perpetual cycle of shifting hotspots.”
“Whereas it could seem that waves of scams are shifting between nations, this fixed churn does not imply scammers are bodily relocating,” it added. “As soon as enforcement tightens in a single space, they merely pivot to a different, making a perpetual cycle of shifting hotspots.”
