What Happened
Google published its latest fraud and scams advisory in June 2026, and the findings are sobering: AI-powered fraud is surging. According to global surveys, approximately one in five adults have fallen victim to scams. Global fraud losses are estimated at nearly $580 billion for 2025 alone.
The advisory details how scammers are using AI technology in increasingly sophisticated ways: deepfake videos, voice cloning, synthetic identities, and automated phishing campaigns that can bypass multi-factor authentication.
The New Tactics
Traditional email phishing has evolved into what Google calls "Adversary-in-the-Middle" (AITM) attacks. Attackers are able to mirror legitimate login pages so convincingly that they capture passwords and session cookies—and they do it in ways that defeat even multi-factor authentication.
But the scarier part is what's coming: AI-powered deepfakes that can convince you a family member is in trouble. Voice cloning that sounds exactly like your bank. Synthetic identities that can pass initial verification checks.
One particularly effective scam: "Calendar Phishing," where scammers add fake renewal notices directly to your Google Calendar invites. Another uses fake browser update warnings (the "ClickFix" campaign) to install malware on Google Sites.
The Cryptocurrency Connection
Americans lost more than $11 billion to cryptocurrency-related scams in 2025. Scammers are using AI to create convincing tutorials on "passive income" mining and token giveaways. The victims follow the instructions, run the provided code, and their crypto wallets get drained.
Mobile Extortion
A newer trend: malicious apps disguised as finance apps that ask for excessive permissions (contacts, SMS history, photos) and then use that stolen data to extort people. Some operators publicly shame victims to pressure them into paying.
To evade app store detection, scammers submit legitimate-looking apps for review, and then update them with malicious code after they've been installed.
The Government Impersonation Angle
Threat actors are impersonating police forces, labor ministries, and other government agencies in coordinated campaigns targeting South Asia, Southeast Asia, and the Middle East. They use "digital arrests"—fake video calls with official-looking branding—to convince people they're under investigation and demand "legal fees."
What Google Is Doing About It
Google's response includes deploying Device Bound Session Credentials (DBSC) to protect session cookies, strengthening defenses against phishing campaigns, and filing lawsuits against scammers to dismantle the tools they use.
But the reality is this: for every defensive measure, scammers are finding new ways around it. The technology arms race is real, and right now, the scammers have momentum.
What You Can Do
Never scan a QR code from an unexpected email. Always navigate directly to a service's official website instead of clicking links from notifications. Be skeptical of any investment that promises "guaranteed" returns. Don't copy and paste unknown code into your terminal. Only install apps from official app stores.
And if someone calls claiming to be law enforcement, demanding payment or threatening legal action via a third-party messaging app? That's a scam. Real government agencies don't work that way.
Sources
Google: Our latest fraud and scams advisory
WebProNews: Google's June 2026 Fraud Alert Exposes AI's Growing Role in Sophisticated Online Scams
Unbox Future: The $900 Million Deception: How AI-Powered Scams Are Outsmarting America