Online scams are an ever-present threat, costing Americans nearly $119 billion a year. It’s not just happening on the internet either. Robocalls and text scams hit a six-year high in 2025.
Now, with the proliferation of artificial intelligence, scammers are even more sophisticated, using AI tools to bypass spam filters and trick people into divulging sensitive information or making false payments.
Attackers can use large language models — trained to mimic human writing — to create highly personalized, grammatically flawless phishing emails and texts that convincingly impersonate real individuals. They can also use machine learning to create voice clones, which mimic the pitch, tone and patterns of someone’s voice.
As an author with a very public online presence, I’ve received dozens of advanced scams in recent months (over 10 of them while drafting this article), mostly aimed at getting me to purchase nonexistent marketing packages.
Here’s what I’ve learned about identifying scams, especially those that use AI to get past your spam filters.
Common features of AI scams
Technically, it’s impossible to be 100% certain that something was created by AI. Even Pangram, an AI plagiarism checker that claims to outperform human experts at identifying AI-generated content, can produce false positives due to a lack of nuance.
However, there are some red flags to look out for.
Does the message lack unique information?
The most common scam emails I receive are from alleged fans who claim they want to help market my work. After experiencing an initial moment of excitement — there’s nothing cooler than receiving fan mail — I realize their email simply rearranges words from one of my book blurbs without any new or unique information. This tells me that the AI model just scraped data from my Goodreads page to build its scam message.
Even if you don’t have a Goodreads page, you can still get a sense of what information about you is readily available online. Scrutinize what’s public knowledge versus sensitive data that only someone close to you would have.
For example, a friend’s grandmother once identified a scam when someone claiming to be her grandson called her “Grandma.” Her real grandchildren called her by a different name.
Does the message claim to be from someone famous?
Another common type of scam in my professional network is someone claiming to be an esteemed author, an established agent or a big publisher with a sudden interest in your work. As someone who’s published five books, I can promise you that no one famous will email you unless you’ve had a previous conversation.
Here’s one example of a scam received by my friend AGA Wilmot, an award-winning writer, that claims to come from a reputable author to get them to download a file that likely contains malware.
Enlarge Image
This scam email encouraged the recipient to download a free guide for writers that likely contained malware.
Similarly, your favorite influencer or celebrity is unlikely to take a sudden interest in you unless you go viral with content about them.
Even then, there are ways to verify the message’s validity by checking the celebrity’s social media profiles or website, or by confirming the phone numbers used to text or call you.
Does the message use awkward or overly formal language?
While the scams of the past were often identified by messy language, typos and strange formatting, AI-generated content tends to trend in the other direction. Emails and text messages drafted by large language models are usually free of typos. Phone calls often use highly polished and formal language, like something you might find on a company’s terms of service page, rather than regular communication.
Just because something is written in formal or polished language doesn’t mean it’s legit.
Is there a suspicious email address or phone number?
Scammers’ email addresses can often be identified by one of the following:
- A suspicious domain, often one similar to the company they’re trying to impersonate (such as “paypal1.com” for a scammer impersonating PayPal). The domain may also be completely unrelated to the person or company.
- A suspicious username, often similar to a real username (like “contact12” for a scammer impersonating a company’s customer service). The email may also be a random combination of words or numbers.
- An unbranded email domain, such as gmail.com. While some legitimate inquiries will come from unbranded email addresses, established professionals at large companies will have custom email addresses tied to their company’s domain. Similarly, company departments, such as customer service, will have email addresses with branded domains.
Suspicious phone numbers can be harder to identify, though I’ve found that any call from a number that shares the middle three digits of my own phone number has been a scam. Long-distance calls from area codes you don’t recognize may also be scams.
Does the message use urgent language?
Always be suspicious when someone uses urgent language and tries to force you to act quickly.
Many scams create a sense of urgency with phrases like “immediate action required” to get you to act without paying attention to context clues. The truth is that very few things, especially via email or text, require immediate action.
While this knowledge can help identify some scams, it can also make phone scams more dangerous. If someone’s really in trouble, they’ll call you — so it’s important to understand other signs of phone scams and keep a level head when someone calls you claiming there’s a crisis.
Are there unexpected attachments?
Email scams often use attachments that contain viruses or other malicious code. Scammers attempting to gain your payment app information may attach invoices to their emails to make them look more realistic.
Are there misleading links?
Another common scam tactic is to send you links to malicious websites that often impersonate real sites like PayPal or banks. Similar to the email addresses we discussed earlier, they’ll have domains that either imitate the sites they’re copying or that make no sense at all. Always review the URLs of any links you receive to see if they’re legit before clicking.
Does the message violate company policies?
Many institutions, especially financial institutions such as banks and tax authorities, have strict rules about how and when they’ll contact you, which are often publicly listed on their websites. If a message claiming to come from one of these institutions breaks those rules — like asking for personal information via email when the company’s policies state it will never do that — it’s probably a scam.
How to identify scams that make it past your spam filters
Spam filters catch a lot on your email platform and phone, but they can’t always keep up with the increasingly elaborate scams bad actors are creating with AI.
The following strategies, drawn from my own experience and cybersecurity experts’ advice, can help you deal with scams that get through your filters.
Establish a system to confirm the identity of people calling you
You want to avoid being scammed out of your hard-earned cash by people impersonating your loved ones with AI voice clones, but you also want to be able to help your family when they need it. Establish systems you can use to verify loved ones’ identities when they call for help, such as a code word, number or nickname that can be verified in urgent situations.
Scrutinize messages claiming to be from authority figures
Since so much information is online, it’s easier to impersonate people. Let’s take a look at an email I recently received that claims to come from an editor at a large publishing house.
Enlarge Image
Another email scam purports to come from a real staff editor at an established publisher.
This scammer did their research. The editor is a real person at Pan Macmillan, and the signature includes her real photo and the company’s real URL. At first glance, it seemed real.
However, I was able to identify it as a scam using some of the clues I discussed earlier. First, a senior editor certainly has an email with the company’s domain, but this message came from a Gmail address. Second, the use of my full name in the greeting rather than just my first name suggests the use of AI. Finally, the information about my book was taken entirely from the publicly available blurb and reviews.
All of this confirmed my initial feeling that this was a scam, likely leading toward an ask for money or personal information. Pan Macmillan further validated my suspicions by issuing a fraud alert about scammers impersonating Pan Macmillan employees.
Reach out to the person or company the scam claims to come from
If you’re still uncertain about an email, text or phone call, your next step is to reach out directly to the source of the message through the official contact information on their website. For example, if you get a text message to click a link for a FedEx package delivery, it’s easy to call FedEx independently or check its website to confirm.
Unfortunately, you won’t always be able to do this when a scammer is pretending to be an individual. For example, I couldn’t find a contact email for the editor being impersonated in the scam email I shared above. In these instances, you’ll have to rely on your instincts. If it sounds too good to be true, it probably is.
Use the Malwarebytes reverse phone lookup tool
Malwarebytes, one of our Editors’ Choice winners for best antivirus in 2026, recently launched a free reverse phone lookup tool to help you determine whether a phone number is authentic. Simply enter a phone number and Malwarebytes will check it against a database containing millions of recorded scam numbers. All of this happens near-instantly, and the results will tell you if the number is safe, suspicious or a confirmed scammer. Malwarebytes will also share caller information if it’s available so you can decide whether or not to return the call or text.
Pay close attention to unrequested links
Scam URLs are often easily identified because they mimic real websites or use a random combination of letters and numbers. However, some domains may appear to belong to real people or companies. In these instances, try Googling the domain and adding the word “scam” to determine whether the URL has been associated with scams. This method isn’t foolproof, but it has proven useful.
Don’t click on unrequested attachments
Always take a close look at file names before opening attachments you haven’t requested, especially if they come from email addresses you’re not familiar with. File names of malicious attachments often include random letters, numbers or symbols.
Another way to determine whether an attachment is malicious is to look at the file preview without downloading it. You can do this by hovering your mouse over the attachment and pressing the space bar, which generally triggers an application’s preview or quick-look feature, allowing you to view the contents of the file without actively saving, downloading or fully executing it.
AI scams are on the rise, but you can stay safe
AI-powered scams are more sophisticated than ever, claiming 62% more victims in 2025 than in 2024. The most important approach is to be skeptical, take a pause and look for clues. Methods including checking emails and phone numbers against existing contact information on company websites or creating a code word loved ones can use to confirm it’s really them calling you in a crisis are solid ways to help you stay safe. As a general rule, never share personal information or sensitive data unless you have verified who’s on the other end.
There are also steps you can take to minimize damage if you do get scammed, including proactive steps such as purchasing identity theft protection to secure your assets.
Read the full article here