A recent article in The Wall Street Journal highlights a case that is sadly all too familiar – a family member is in distress, and you must wire them money to help save them. Of course, as the article reveals, the family member is not in distress – it’s a fraudster aiming to capitalize on the victim’s emotion.

In March, the Federal Trade Commission (FTC) released data demonstrating consumers had lost more than $12.5 billion to fraud in 2024, a 25% increase from 2023. Among that data, the median loss for phone scams netted out at $1,500 and the social media scams reported the highest overall losses ($1.9 billion).

We leveraged lessons learned from years of investigating scams and frauds to provide red flags and ways to protect yourself against evolving tactics by nefarious actors.

Signs of Scams and Frauds

• Lack of Official Communication. Government agencies and law enforcement almost never call, text, or email unless they have ongoing business with the individual. While they typically communicate by letter, if something seems suspicious, it is always best to independently verify the letter’s authenticity by calling the agency via the phone number list on its official website. Additionally for emails, victims may notice the sender’s address is “off” with extra or substituted characters, or come from a non-official domain (e.g., a personal email service provider).
• Sense of Urgency. Bad actors often threaten victims with an issue that needs to be resolved immediately (e.g., an arrest warrant), creating a sense of urgency which can prevent the victim from thoroughly thinking through the issue presented. This also may cause an individual to unwittingly give up information about themselves without realizing it – such as their name, or the name of a loved one. Bad actors can use this information to their advantage to sound more convincing.
• Impossible Claims. Impersonation scams are often rooted in false or impossible claims, designed to spur a victim into action. For example, social security numbers don’t expire and do not require payment to renew.
• Abnormal Scenario. Often, scams will request suspicious payment methods to resolve an alleged issue, such as paying in cryptocurrency, gift cards, or wiring a significant amount of money.
• Unprofessional or Error-Ridden Design. Telltale signs that something is amiss in an email may include typos, grammatical errors, generic greetings, unusual sender addresses, or low-quality images.
• Suspicious Attachments. As goes with all communications, individuals should never open attachments (e.g., spreadsheets, text documents) or click on URLs they did not anticipate receiving. These can be riddled with malware or direct users to malicious websites that can collect personal information.

Deep Fakes Add an Additional Layer

With the rise of technology-fueled scams, particularly with AI, individuals should be wary of photos, videos, or audio, which may initially appear real and are attempting to trick victims into acting quickly, without validating what they are seeing or hearing. There are many freely available tools, which can create convincing deep fakes using only a small amount of sample data (e.g., a few seconds of someone’s voice, one photo with someone’s face).

Like other types of schemes, threat actors are often trying to trick victims into divulging sensitive information, sending money, or giving them access to systems using intimidation and urgency.

More than ever, technological evolutions require us to be vigilant to identify malicious uses of these platforms.

Take Action:

• Monitor Your Online Presence: Be mindful of the information you volunteer on social media platforms, including photos which could identify your location through geo-tagging. Large Language Model (LLM) tools have become highly accurate at determining the exact location where photos were taken, even with limited information. Images or posts that may seem innocent can be a gold mine in the hands of a bad actor. Where possible, restrict what information is publicly available and be mindful of who you let access your online content.
• Verify Unexpected Requests: No matter how urgent or familiar it seems—pause. If it’s someone saying they are a loved one, call or message them on a known number or platform. If it’s “the government” calling, hang up and call the listed number on the agency’s legitimate website.
• Double-Check URLs & Email Addresses: Look for subtle changes in the email domain or included URLs (e.g., “rnicrosoft.com” instead of “microsoft.com,” “gnail.com” instead of “gmail.com”) and other discrepancies (e.g., personal email account used to send a message that purports to be from a business or government entity). Hover before you click on any URL.
• Be Cautious with Voice & Video: A familiar face or voice doesn’t guarantee authenticity. If something feels off, trust your gut and confirm separately. It may be helpful to create a family agreed upon code word to use to validate someone’s identity over a phone call if the circumstances are suspicious.
• Enable Multi-Factor Authentication (MFA): Even if your password is compromised, MFA adds a critical layer of defense. Always configure it where you can. Never ‘approve’ MFA requests if you are not actively trying to login to the platform a request came from. If you receive an unexpected request, reset your password to the platform you got the request from immediately.
• Report Suspicious Behavior or Activity: If you are a victim of any cyber-enabled crime or fraud, file a report with the FBI Internet Crime Complaint Center (IC3.gov). It helps them collect intelligence and enable investigative activities.

Be wary of scammers in the digital age—just as technology evolves, scenarios evolve in complexity and sophistication. By taking steps now, individuals can avoid short and long-term harm.

If you have any questions or would like to discuss these topics please reach out to Martin Narciso or David Burroughs.

To receive StoneTurn Insights, sign up for our newsletter.