John C. isn’t the person you picture getting scammed.
He’s 36. He’s tech-savvy. He’s a mechanical engineer leading a team at a national energy lab in Denver. And he told us his story for one reason: “Scammers will target anyone.”
It began with a phone call from someone claiming to be the IRS. They said John had underpaid his taxes and needed to resolve it quickly. The caller sounded polished and convincing, so convincing that John didn’t stop to question it.
“I thought maybe they sent back too much money [in my refund], and they needed it back,” he said. “I was just so busy and overwhelmed that I never really stopped to think about the situation.”
A follow-up email arrived with IRS logos, clean formatting, and a big payment button. John was trying to move fast between classes as he finished up his PhD, and he wanted to correct the situation as quickly as possible.
“I was like, let me just hurry up and do this, get it over with.”
He clicked. He paid. But later, when he checked his statement, he saw the charge didn’t look like an IRS payment at all. In fact, it was an international charge. The whole thing was a scam.
John said the scammer on the phone had appealed to his emotions and been incredibly convincing.
“It was absolutely masterful,” John said. “I would give him an Oscar for it.
And new McAfee research shows John isn’t alone, with nearly 1 in 4 (23%) US adults surveyed revealing they’ve lost money to a tax scam.
Here’s what our January 2026 survey of 3,008 U.S. adults found:
In addition to our consumer survey findings, McAfee Labs analyzed malicious URLs, apps, texts, and emails in the months leading up to filing season.
The major takeaway: tax scams don’t wait for April.
Scam activity began climbing as early as November and has again continued building steadily into 2026.
Between September 1, 2025, and February 19, 2026, McAfee Labs identified 1,468 malicious or suspicious tax-themed unique domains, an average of 43 new fake tax websites every day.
In early November 2025 alone, the average number of new tax-themed malicious domains nearly doubled in just over a week. After a brief dip in late December, activity resumed climbing into February, a pattern we expect to intensify as the April filing deadline approaches.
Scammers are rapidly creating lookalike IRS domains that mimic official government URLs.
They use small changes, extra letters, added words, subtle misspellings, to trick taxpayers into believing they’re on a legitimate IRS site.
Examples include domains that insert additional text around “irs.gov” or add misleading subdomains designed to pass a quick glance.
These fake portals are used to:
In some cases, these sites don’t just steal, they overcharge.
McAfee Labs observed scam services offering to file for an EIN (Employer Identification Number), something the IRS provides for free, and charging as much as $319 for it.
Example of a scam website we found charging for an EIN.
The official IRS website explicitly warns: you never have to pay a fee to obtain an EIN.
Other scam sites misuse legitimate policy terms, like the “Fresh Start Initiative,” to harvest personal data and enroll victims in aggressive robocall and marketing campaigns.
Tax scams don’t always steal outright. Sometimes they monetize confusion.
Most tax scams aren’t one single message. They’re a sequence, designed to make you panic, click, and comply.
Below is the common playbook, plus the red flags that show up repeatedly.
*Note: Scammers may swap the details like AI voice, fake IRS videos, cloned websites, or impersonating tax software, but the pattern stays familiar.
| Step | What happens | Red flags you’ll see at this step | Red flags that are true every time | What to do instead |
| 1) The hook | You get a call, text, or email claiming there’s a tax issue (refund problem, underpayment, verification needed). | Message arrives out of nowhere, often during busy hours; “final notice” language; spoofed caller ID. | Unexpected contact + urgency. | Don’t engage. Pause. Go directly to IRS.gov or your tax provider’s official site (type it in). |
| 2) The authority move | They lean hard on being “the IRS” or “state tax authority,” sometimes with personal details. | They sound polished; may use AI voice cloning; may cite a “case number.” Fake or meaningless case numbers are very common. | They want you to trust the title, not verify the source. | Ask for written notice and time. Real tax issues can be verified through official channels. |
| 3) The link | They send a link to a “secure portal” or “refund page.” | Lookalike website, subtle misspellings, weird domain, shortened link, email button that says “Pay Now.” | They’re trying to pull you off official channels. | Never click the link. Navigate to the real site yourself. If unsure, delete it. |
| 4) The data grab | The site (or “agent”) asks for SSN, banking info, login credentials, or details from a prior return. | Requests that are broader than needed; “verify identity” prompts; form fields that feel too invasive. | They want sensitive info fast. | Stop. Don’t type anything. If you already did, assume it’s compromised and act quickly (see next section). |
| 5) The payment push | They demand payment to “avoid penalties,” “release your refund,” or “resolve a mistake.” | Gift cards, crypto, wire transfers, payment apps; pressure to pay today; threats. | Urgency + unusual payment method. | The IRS does not demand immediate payment via text/social, and doesn’t require gift cards or crypto. Verify independently. |
| 6) The escalation | If you hesitate, they intensify: threats, “law enforcement,” or AI video/audio that “proves” it’s real. | Deepfake IRS video, intimidating language, “you’ll be arrested,” “your license will be revoked.” | Fear is the product. | Hang up. Save evidence. Talk to a trusted person. Contact official support through verified numbers. |
| 7) The aftermath | You realize it was a scam—often after noticing a strange charge or login activity. | Charges from odd merchants; new accounts; IRS account alerts; failed tax filing due to “duplicate return.” | Shame keeps people quiet—scammers count on that. | Report it and protect your identity right away. You’re not alone, and it’s not your fault. |
Key point: A message can look “official” and still be fake. AI is making scam language smoother and scams more believable. The safest habit is simple: slow down, and verify using official sources you navigate to yourself.
First: take a breath. Scams are designed to trick you, especially when you’re overwhelmed, rushed, or just trying to fix a problem quickly.
John said it plainly: “Don’t be embarrassed. It does happen. It’s common… they will target anyone.”
And he’s right. The most important thing is what you do next.
Take screenshots and save:
If a scammer gets into your email, they can reset passwords for everything else.
Do this today:
Important: If you clicked a suspicious link, downloaded a file, or gave someone remote access to your computer, make sure you use a different, trusted device (like your phone or another computer) to change passwords. Why? If a scammer installed malware or has access to your computer, they may be able to see all of your brand-new passwords as you’re making them.
Tip: A password manager like McAfee’s can help you create strong, unique passwords quickly, without having to memorize them all.
Tax scams often turn into identity theft. Watch for:
If you suspect tax-related identity theft:
McAfee’s Identity Monitoring can help restore your sense of security and privacy online.
Reporting helps you and helps stop the next person from getting hit.
Common reporting options include:
Scammers don’t just use what you give them. They also use what they can look up.
Removing your personal details from risky data broker sites can reduce how easily scammers can target you again. Tools like Personal Data Cleanup can help you identify where your information is exposed and guide removal.
Tax season scams often come in waves, especially if scammers think your info is “good.”
Helpful layers include:
Tax season creates the perfect storm: time pressure, sensitive data, and a lot of official-looking communication.
Our research shows most people are worried, and for good reason. Scammers are getting more convincing, and AI is raising the bar on what “real” looks and sounds like.
“Tell your friends, tell your family,” John said. “Everyone I know at some point has heard this story, and it might just prevent someone from losing… thousands of dollars.”
If you remember just three things this season, make them these:
The post Tax Scams Hit Nearly 1 in 4 Adults. Spot the Red Flags appeared first on McAfee Blog.
This week in scams, we’re looking at three very different stories with the same underlying theme: trust is being exploited at scale.
A massive government contractor data breach has quietly grown to affect more than 25 million people. Meanwhile, a viral AI-generated image of Mary-Kate and Ashley Olsen posing in a fake luxury campaign is spreading across social media, fooling some users and alarming others.
And in a new threat report, OpenAI detailed how its own tools are being misused for dating scams, impersonation, and influence operations.
Let’s break it down.
The fallout from a ransomware attack on Conduent, one of the largest government contractors in the U.S., continues to expand.
According to reporting from TechCrunch, updated state-level breach notifications now indicate that more than 25 million people across the U.S. have had personal data exposed.
Conduent provides services tied to state benefit programs, including food assistance, unemployment systems, and other government payment processing operations. The company has said its services reach over 100 million people.
Data reportedly exposed in the breach includes:
TechCrunch noted that the majority of affected individuals appear to be in Oregon and Texas, based on state breach disclosures. Other states have also reported an impact.
The attack has been described as one of the largest government-contractor-related data breaches in recent memory.
Why this matters: When companies that process government benefits are hit, the exposed data often includes highly sensitive identity information. Social Security numbers combined with medical or insurance details can significantly increase the risk of identity theft and fraud.
If you believe your data may have been exposed:
Breaches like this often lead to secondary scams months later. The breach itself is only phase one. Phishing campaigns usually follow.
A supposed luxury campaign featuring Mary-Kate and Ashley Olsen began circulating widely on X and Facebook this week, racking up millions of views.
The images show the twins styled in what appears to be a high-end fashion shoot, drawing numerous comments over their styling. But social media users quickly pointed out visual irregularities and inconsistencies commonly associated with AI-generated imagery.
A screenshot of one of the AI images making thr rounds across social media.
While this doesn’t fall into our typical “scam” roundup, the normalization of AI-generated visuals that look close enough to real to confuse people are a growing issue that can lead to real confusion and distrust.
We have entered a phase where:
Today it’s a fashion ad. Tomorrow it could be a fake political endorsement, financial announcement, or emergency alert.
The takeaway: If you see a surprising campaign or announcement, verify it through official brand websites or verified accounts before assuming it’s real.
In a newly released threat report, OpenAI outlined several ways its tools have been abused by bad actors.
According to Reuters’ reporting:
A cluster of accounts used ChatGPT to run a dating scam targeting Indonesian men, allegedly defrauding hundreds of victims per month.
Some accounts used the tool to generate promotional copy and ads for a fake dating platform that pressured users into completing costly “tasks.”
Other accounts posed as law firms, impersonating real attorneys and U.S. law enforcement to target fraud victims.
OpenAI also banned accounts linked to activity believed to be part of influence operations, including efforts targeting Japanese political figures.
OpenAI stated that the activity was detected and accounts were removed.
Why this matters: AI tools themselves are not inherently scams. But they dramatically lower the cost and increase the scale of fraud operations. Writing persuasive emails, generating fake legal letters, building scam ads… these now require fewer technical skills than ever before.
The technology doesn’t create the criminal intent. It just accelerates it.
From ransomware breaches to AI-generated impersonations, the pattern is clear: scammers are scaling trust manipulation with technology.
Stay skeptical. Verify before you click. And we’ll be back next week with another breakdown of what’s making headlines, and what it actually means for your security.
Taylor Swift Tops List of Most Deepfaked Celebs
What to Do If You’re Caught Up in a Data Breach
Everything You Need to Know to Keep Your Passwords Secure
The post This Week in Scams: Conduent Data Breach and AI Olsen Twins appeared first on McAfee Blog.
AI is supposed to make the internet easier. But right now, it’s also making scams easier.
Every week, we round up the biggest scam and cybersecurity stories of the moment so you can recognize red flags, protect your accounts, and avoid the most common traps scammers are using.
This week in scams, we’re talking AI-powered search scams, a major fintech data breach, and an unexpected ticket fraud scheme that allegedly cost the Louvre millions.
Let’s jump in:
Google Search doesn’t just show links anymore. Now, it often shows AI-generated summaries at the top of the page called AI Overviews, quick answers designed to save you time.
But according to reporting from WIRED, scammers are finding ways to exploit these AI summaries by planting fake customer support phone numbers into search results.
Here’s how the scam works: Someone searches for a bank, airline, or service provider, usually something like “Company name customer support number.” Then Google’s AI Overview pulls a phone number from somewhere online and displays it as if it’s legitimate.
The problem? Sometimes that number doesn’t connect you to the company at all.
Instead, it connects you to a scammer impersonating customer service, someone trained to sound helpful, calm, and official, while quietly steering you toward sharing payment information, account details, or verification codes.
This isn’t just misinformation. It’s a direct path into fraud.
Google told WIRED it’s working to strengthen anti-spam protections in AI Overviews, but also recommends users double-check customer support numbers through additional searches.
Key red flags to watch for
If you’re looking for a customer support number, don’t rely on an AI summary.
The big lesson: AI can summarize the internet, but it can’t always verify the truth.
If you’ve applied for a loan, worked with a fintech service, or interacted with a home equity platform recently, this one is worth paying attention to.
According to BleepingComputer, fintech company Figure Technology Solutions was breached in a social engineering attack, with hackers reportedly stealing personal data tied to nearly 967,200 accounts.
The exposed data reportedly included names, email addresses, phone numbers, physical addresses, and dates of birth. And that’s exactly what scammers use to build believable impersonation attempts.
Even if you’ve never heard of Figure, data breaches like this can ripple outward fast. Once scammers have your email, phone number, and date of birth, they can launch more convincing scams like:
And because this breach was reportedly caused by social engineering, it’s also a reminder that the weakest link in security isn’t always technology, it’s human trust.
Key red flags to watch for after a breach
After breaches like this, scammers often wait weeks or months before striking, because they know people stop paying attention.
Not every scam story is about malware or phishing links. Some are about old-fashioned fraud, executed at a scale that feels almost unbelievable.
According to reporting from The New York Times, French investigators uncovered a ticket fraud scheme that may have cost the Louvre in Paris nearly $12 million over a decade.
Officials say the suspected scam involved tour guides allegedly reusing tickets multiple times, bribes paid to museum employees, and tourist groups being split up to avoid additional fees.
Last week, police reportedly arrested nine people in the case, including two museum employees.
Investigators also believe similar fraud may have taken place at Versailles.
This wasn’t a one-time trick. Investigators believe the network may have been running for years, allegedly bringing in multiple tour groups per day.
It’s a reminder that scammers don’t always need to “hack” a system.
Sometimes, they just find a weak point, then repeat it until it becomes a business model.
The bottom line: the Louvre story is dramatic, but the lesson is familiar. Scams thrive anywhere oversight is stretched thin, systems are overwhelmed, and people assume someone else is double-checking.
Whether it’s a museum ticket scanner or an AI-generated search result, scammers will always look for the fastest path through the cracks.
This week’s scam pattern is all about one theme: trust shortcuts.
AI summaries that feel official. Phone numbers that look real. Support agents who sound convincing. Breach data that makes phishing more believable.
The best defense is slowing down and verifying before you act.
Here are the smartest moves to make right now:
Don’t trust AI Overviews (or search snippets) for customer support phone numbers. Always verify through the company’s official website.
Treat “customer service” calls with caution, especially if they ask for payment info, passwords, or MFA codes.
Never share verification codes, even if someone claims they’re just “confirming your identity.”
Watch for phishing attempts after major breaches. Scammers often use stolen data to make messages feel personal and urgent.
Be suspicious of pressure tactics like “your account will be frozen” or “you must act immediately.”
If you think your personal data may be exposed, monitor your credit and update your passwords now, not later.
Use tools like McAfee Web Protection to avoid dangerous links, bad downloads, malicious websites, and more.
We’ll be back next week with another roundup of the scams making headlines, and what you can do to stay ahead of them.
The post This Week in Scams: AI Search Traps, a Fintech Breach, and a $12M Louvre Hustle appeared first on McAfee Blog.
You don’t always realize your YouTube channel has been hacked right away.
Sometimes it’s a sudden spike in notifications. Sometimes it’s a flood of confused comments. And sometimes it’s the worst-case scenario: you wake up to find your channel renamed, your videos hidden, and a scam livestream running under your brand.
This is one of the most common forms of creator-targeted account takeover today. Attackers hijack real channels because they already have an audience, and then use that trust to promote fake crypto giveaways, “investment” livestreams, or malicious links in video descriptions.
A YouTube channel hack can also put your account at risk of Community Guidelines strikes or monetization penalties, even if you didn’t upload the content yourself.
This guide walks you through exactly what to do if your YouTube channel has been compromised: how to regain owner access, stop scam live streams fast, and secure your Google Account so it doesn’t happen again.
A hacked YouTube channel usually means your Google Account has also been compromised, since every YouTube channel is tied to at least one Google Account.
Watch for these red flags:
Changes you didn’t make: Your channel name, profile photo, handle, description, or external links were updated.
Videos or live streams you didn’t create: You may see uploads you don’t recognize, scam live streams, or replays that weren’t posted by you.
You receive warnings or strikes: YouTube may send emails about Community Guidelines violations, copyright claims, or suspicious activity tied to content you didn’t publish.
You can’t log in or your password stops working: A sudden login failure may mean your password was changed or your account access was locked.
Monetization or AdSense settings changed: Attackers may try to redirect revenue or alter payment associations.
If any of these are happening, assume your channel is compromised and start recovery steps immediately.
If your YouTube channel was hacked, assume your Google login details may have been stolen.
That means simply getting back into your channel isn’t enough; you also need to update the passwords and settings attackers could still use.
Here’s what to change right away:
If you suspect the takeover started through malware or phishing, it’s also smart to update passwords for other sensitive accounts tied to your Google identity, like Gmail, Google Drive, banking accounts, or payment apps.
Using a password manager like McAfee’s can help you create strong, unique passwords for every account, and store them securely in one place.
| Step | What to Do | Why It Matters |
| 1. Recover your Google Account first | If you can still log in, change your password immediately. If you can’t, start Google’s account recovery process. | Your YouTube channel is tied to your Google Account. If your Google Account is compromised, your channel will remain vulnerable. |
| 2. Secure your Google Account | Enable 2FA, review recent logins, and remove unknown devices. | Hackers often stay logged in through active sessions even after a password change. |
| 3. Remove unknown channel access | Check channel permissions and remove any unfamiliar owners, managers, or editors. | Attackers may add themselves as a manager to keep access even after recovery. |
| 4. Stop scam live streams and remove suspicious uploads | End any unauthorized livestreams, delete scam videos, and remove malicious links from descriptions. | Scam streams can damage your reputation and trigger policy strikes quickly. |
| 5. Revert channel changes | Restore your channel name, branding, About section, links, and settings. | This helps prevent your channel from being used to impersonate a brand or run scams. |
| 6. Review YouTube Studio for strikes or policy issues | Check for Community Guidelines strikes, copyright claims, or monetization restrictions. | Hackers often upload policy-violating content that can put your channel at risk. |
| 7. Scan your device for malware | Run a trusted security scan to check for spyware or password-stealing malware. | If your device is infected, attackers can steal your new password immediately. |
| 8. Contact YouTube/Google support if you’re still locked out | Use YouTube’s hacked channel support tools or Google Account recovery help. | If self-recovery fails, YouTube may be able to help restore access or guide you through next steps. |
If you’re still having issues after completing these steps, be sure to visit YouTube and Google’s official support resources for hacked accounts.
And, if you’re an eligible creator, you can also contact YouTube’s Creator Support Team.
One of the most common ways YouTube channels get hacked is through phishing.
Scammers impersonate:
They try to pressure you into clicking a link, downloading a file, or logging in through a fake Google sign-in page.
If you receive a suspicious email or message, don’t click.
Instead, open YouTube Studio directly and check your account status from inside the platform.
A hacked YouTube channel is stressful for a reason: it doesn’t just affect your account. It affects your audience, your reputation, and your income, especially if monetization is involved.
The most important steps are:
And if you’re still locked out or something doesn’t look right, follow YouTube’s official recovery guidance and contact Google/YouTube support directly.
YouTube may be able to help restore access, reverse changes, or provide instructions for appealing a termination if your channel was taken down during the hack.
McAfee also offers a free antivirus scan that can help you detect malware or suspicious programs that may have compromised your account in the first place.
| Q: How do I know if my YouTube channel was hacked? A: Common signs include channel name or branding changes you didn’t make, scam livestreams, videos uploaded that aren’t yours, suspicious external links added to your channel, or being locked out of your account. |
| Q: Why does a hacked YouTube channel usually mean my Google Account was hacked too? A: Because YouTube channels are tied to Google Accounts. If your channel was taken over, your Google login credentials or active session may have been compromised. |
| Q: What should I do if my channel is live-streaming a crypto scam? A: End the livestream immediately if you still have access. Then change your Google password, remove unknown channel managers, enable 2FA, and remove scam links from your channel page and video descriptions. |
| Q: Can I get strikes or lose my channel because of videos the hacker uploaded? A: Potentially, yes. Scam uploads can trigger Community Guidelines or copyright violations. That’s why it’s important to remove unauthorized content quickly and review YouTube Studio for strikes. |
| Q: What if I can’t log in at all? A: Start Google’s account recovery process as soon as possible. If you’re still locked out after recovery attempts, visit YouTube’s official hacked channel support resources for next steps. |
| Q: How do I know if the hacker is fully kicked out? A: Review your Google Account security settings, logged-in devices, recovery email/phone settings, and channel permissions. Remove anything unfamiliar and enable 2FA to reduce the chance of re-entry. |
The post YouTube Channel Hacked? Restore Owner Access and Stop Live-Stream Scams appeared first on McAfee Blog.
It’s Friday the 13th, but you have nothing to fear online if you’re scam-savvy and well protected.
Every week, we round up the biggest scam and cybersecurity stories of the moment so you can recognize red flags, protect your accounts, and avoid the most common traps scammers are using.
This week in scams, we’re talking Valentine’s Day, deepfake deception, and online privacy.
Let’s jump in:
Valentine’s Day is supposed to be peak season for connection. But for scammers, it’s peak season for something else: emotional leverage.
New McAfee research shows romance scams are not rare edge cases, they’re becoming a common part of the online dating experience. In fact, 1 in 7 American adults (15%) say they’ve lost money to an online dating or romance scam. Even more alarming: of the people who lost money, only 1 in 4 (24%) were able to recover all of it.
And many scams start exactly the way real relationships do.
One McAfee interviewee, Jules, a healthcare professional in her 40s, joined a dating app hoping to meet someone as a busy working single mom. She met “Andy,” who seemed local, charming, and emotionally invested. He didn’t rush into money. He built trust. He mirrored her life. He made her feel safe.
Then he introduced a “crypto opportunity” that looked legitimate. The app showed gains. She even withdrew small amounts at first. But weeks later, her account froze, and she was told she needed to pay a $25,000 “tax payment” to unlock it.
She paid. Then the account froze again.
By the time Jules realized the truth, she had lost more than $80,000, including $25,000 borrowed from her elderly mother.
This is the new shape of romance scams: slow, believable, and psychologically engineered. McAfee Labs also reports that romance-related scam activity spikes during peak dating season, including fake profiles, cloned apps, and AI-driven spam behavior.
Key red flags to watch for
While scams can take many forms, most follow a familiar pattern. Understanding the progression can help people recognize risk earlier.
| Stage | The Red Flags / How it Unfolds | What the scammer wants | What to do instead |
| 1) The hook | A friendly DM, a “wrong number” text, a dating match, a comment reply, a follow request | A response. Any response. | Don’t move fast. Keep the convo on-platform. Don’t give out your number. |
| 2) Love bombing | Daily messages, fast intimacy, mirroring your interests, “I’ve never felt this way” | Trust and routine | Slow it down. Ask for a real-time video call and a specific, verifiable detail. |
| 3) Private channels | “Let’s talk on WhatsApp/Telegram/Signal.” “Don’t tell anyone yet.” | Control and privacy | If someone pushes you off-platform quickly, treat it as a red flag. |
| 4) Building credibility | A “job” story (military, oil rig, entrepreneur), polished photos, voice notes, even AI-assisted video | Believability | Verify independently. Reverse image search photos. Watch for inconsistencies. |
| 5) A financial request | A “small” emergency, a plane ticket, a crypto opportunity, “help me unlock my account,” gift cards, payment app request | Money or financial access | Never send money to someone you haven’t met. Never share financial info or account details. |
| 6) Escalation | “I need a verification code.” “Can you receive money for me?” “Open an account.” “Co-sign.” | Identity theft, account takeover, new credit | Never share MFA codes. Don’t open accounts for anyone. Lock credit if you’ve shared info. |
| 7) Ghosting | Ghosting, deleted accounts, new persona, rinse-and-repeat | Exit before consequences hit them | Preserve evidence, report, and secure your accounts immediately. |
Key point: the scariest scams may never send you a sketchy link. They may only send convincing words, and the pressure to act.
Deepfake scams used to sound like something only elite hackers could pull off. Not anymore.
Reporting from The Guardian highlights a new analysis from AI experts suggesting deepfake fraud has gone “industrial,” meaning it’s now cheap, scalable, and increasingly accessible to non-experts. Researchers tied to the AI Incident Database described a landscape where impersonation scams are becoming one of the most common types of AI-driven incidents reported month after month.
Instead of crude phishing emails, scammers can now use AI tools to generate:
One example described in the reporting involved an AI security CEO who posted a job listing and quickly received a referral for a candidate who looked perfect on paper. The resume was strong. The emails were polished. The interview was scheduled.
But when the video call began, the candidate’s image loaded slowly, and the background looked artificial. The face was blurred around the edges. The person glitched slightly as they spoke. A deepfake detection firm later confirmed: the interviewee was AI-generated.
The most unsettling part? Even the target didn’t know what the scammer was after…. a salary? access to internal systems? company secrets?
This is what makes deepfake scams uniquely dangerous: they’re not always about stealing money immediately. They’re often about getting trust, access, and leverage first.
Key red flags of deepfake impersonation scams
This is also why deepfake fraud is so effective: it exploits the assumption that “seeing is believing.” In 2026, that assumption is no longer safe.
This is also backed up by McAfee’s previous research. In 2025, McAfee Labs conducted a study of 17 different deepfake-creation tools and found that for just $5 and with just 10 minutes of setup time, scammers can create powerful, realistic-looking deepfake video and audio scams.
Not every scam story this week is about criminals. This update is about fighting scammers, as shared by Google.
Google announced this week that it has expanded its “Results about you” tool, which helps people monitor and remove sensitive personal information from Search results. Previously, the tool focused on personal contact details like phone numbers, email addresses, and home addresses.
Now, users can also request the removal of Search results that include highly sensitive information like:
Google is also making it easier to request removal of non-consensual explicit images, allowing users to submit multiple images at once rather than reporting them individually.
This matters because personal data is often the fuel behind the scams we’ve been tracking all year, including romance scams.
Removing sensitive data from search results doesn’t erase it from the internet completely but it can reduce how easily scammers can weaponize it. To take your online privacy to the next level, consider McAfee’s Personal Data Cleanup, which will help remove your personal information across the web.
What this tool helps protect against
The scam lesson here is simple: the less information scammers can find, the harder it is for them to tailor the con.
This week’s scam pattern is all about emotional manipulation + AI credibility + personal data exposure. The best defense is slowing down and verifying before you trust.
Here are the smartest moves to make right now:
We’ll be back next week with another roundup of the scams making headlines, and what you can do to stay ahead of them.
The post This Week in Scams: How Jules Lost $80K in a Romance Scam appeared first on McAfee Blog.
Login