Stepping into a new year does not necessarily mean we will enter a new era of safer cyberspace. More often, it usually means the opposite, with the Global Anti-Scam Alliance reporting that in 2024, scammers stole over $1.03 trillion, a trend that is set to potentially continue in 2025.
Looking back at the technological trends, 2024 was dominated by artificial intelligence; we can safely assume that AI-driven tactics will shape fraud in 2025. This highlights the need for enhanced consumer awareness and new emotional and psychological paradigms to counter evolving and sophisticated scams.
Old frauds don’t just disappear; instead, they evolve alongside technology, which means that the best way to stay protected is to be in the know.
Below we list five ‘new’ frauds that are likely to dominate 2025, but most of them share a common thread, so before we delve into them, let’s dive into the common red flags across all scams that can help you identify them more easily.
Patterns across scams
- Unsolicited communication through phone calls, text messages, social media, messaging apps, or email
- Communication creates a sense of urgency, such as a hot-selling commodity, an expiring investment opportunity, or even a warning before sharing explicit images of the user (basically the threat of consequences if you don’t take action)
- Requests for money transfer to an ‘escrow’ account
- Requests to download an obscure app
- Requests to click on a link (via email, sms, social media ads, etc.)
- Spelling mistakes or out-of-place colloquialisms
- Video messages that have unusual pauses, different accents or a different pitch, or face movement that doesn’t match the sound
1. Robocalls
Yes, phone scams are on top of fraudsters’ lists thanks to the proliferation of AI-powered tools. The fact that smartphones can access the internet makes it easy for scammers to redirect unsuspecting users to sites that will install malware on their phones.
However, other tactics evolved thanks to AI’s ability to clone the voice of anyone with only a few seconds of their natural speech recording. Thanks to this evolution, robocalls sound increasingly more personal and natural, making them hard to detect.
These calls range in their content, from vacation offers to issues or threats that require your immediate action. The goal of the fake call can also range from information gathering to outright scamming.
Such a diverse approach will likely give rise to SIM swap scams. This type of scam looks to target the weakness in two-factor authentication (2FA), where the second verification step is a code sent via SMS. The scammers will use the information that they gathered on users to call their service provider using robocalls to persuade the phone service provider to transfer the victim's phone number to the fraudster's SIM card. This can result in users losing service on their SIMs and all messages and calls going to the attackers.
Additionally, we may see a rise in one-time password (OTP) bot attacks. Scammers may try and log in to your bank, prompting the bank to send you a one-time code. At the same time, the bot will call you, text you, or send an email to inquire about the code.
The timing may seem convenient in an attempt to convince you that the request is legitimate, but if you send your OTP, the scammers will get access to your account.
2. Crypto investment scams
Thanks to another cryptocurrency bull run, we've already seen over $1.5 billion of crypto lost to scams or theft in just three months of 2025. Most of the tactics related to this type of scam revolve around phishing attempts or even social media ads with malicious links.
In 2024, there was an increase in OTP bot attacks on crypto exchanges, which also included some other types of phone-related scams. However, another great danger of crypto-related scams is tied to the investing aspect, playing on your insecurities, greed, and lack of financial education.
Crypto is infamous for what is called a “rug pull” scam, where founders pull out all of the funds from the project, leaving retail investors holding a worthless coin and a dead project. A simple Google search will list a dozen examples of such crypto scams, so brushing up on your financial literacy and staying vigilant can help you avoid crypto-related scams.
3. Romance scams (aka Pig Butchering scams)
Romance baiting, also known as the Pig Butchering scam, might see an uptick in 2025 because of AI deepfake images/videos and romance chatbots. The goal is to get the victim to believe that there is a possibility of romance or dating, with the scammers sending messages to establish trust and gain enough of it to convince the victim to share personal data or even send funds.
At the start of 2025, we witnessed a Romance scam in France that involved deepfake images of Brad Pitt, which scammed the victim out of $850,000. Another variation of this scam involves sexual exploitation, also known as sextortion scam.
Users (young girls, attractive persons of the opposite sex, etc.) pretending to be interested in the victim would send explicit content created by AI in an attempt to get explicit images of the victim.
Sometimes gifts are offered in exchange for explicit content (gift cards, crypto coins, etc.). Once the scammers possess the images, they threaten the victim to send the images to friends, family, classmates, etc. unless a payment is made to an account.
Most of these scams start with messages through either social media or even dating apps, meaning that anyone can be a target.
Some scammers even go so far as to seek platonic relationships to establish deep-rooted trust before they look to exploit the victim. This means that we need to be especially vigilant on these platforms to never share too much of our personal lives and never send funds to “strangers” online.
4. Malvertising
While not necessarily a new concept, malvertising has been on the rise in the last two years. Criminals now “pay to play”, hiding malicious links in paid ads across the internet.
Traffic Distribution Systems (TDS) and cloakers are the quintessential tools used by the malicious advertising world, therefore, gaining a better understanding of how they are used can give you a leg up in trying to stay protected.
There are multiple layers to this issue, with other types of malicious ads including malignant banner ads, concealing bad code using steganography on legitimate sites, malicious ads hiding in popups, and many more.
Besides understanding these threats, you can limit the fingerprint of your browser, use a reputable ad blocker, keep your software up to date, and have a tested and reliable security solution that offers real-time protection, to help combat the threat.
5. Formjacking
Another not-so-new threat, but one that has been on the rise recently is formjacking. Whether you’re registering for a service online or filling out your details after completing a purchase on a site, this information is transferred and stored digitally.
If attackers manage to compromise a website’s form, they can steal this data, therefore this scam is known as formjacking. This occurs if malicious code is injected into a website’s online forms without the knowledge of the company’s IT.
While there is no overall solution you can employ to protect yourself from this type of fraud, there are some steps you can take. Initially, you can confirm whether the site you’re using is legitimate (or app, depending on where you’re doing your shopping).
Avoid websites that don’t have HTTPS encryption. Finally, do business with reputable companies that create secure online environments to minimize the risk of formjacking, and use the latest online security software.
Final words
Despite the potentially bleak outlook when it comes to cybersecurity in 2025, the fact that AI is now omnipresent can work in our favor. Namely, AI is good at creating exploits but it is in turn also good at creating protection for the same exploits.
Seeing an increase in AI investments across cybersecurity companies means that we will see an increase in protection tools alongside these new and not-so-new scams.
But overall, the onus is on us to stay informed, stay vigilant, control our emotions, and try and make the right decisions online. This means adopting strong cybersecurity habits, such as using unique, complex passwords, enabling multi-factor authentication, and being skeptical of unsolicited messages or too-good-to-be-true offers. It also means leveraging AI-driven security tools ourselves, from advanced antivirus software to browser extensions that detect phishing attempts.