A Google lawsuit filed last week reveals how a prolific group of fraudsters is taking advantage of AI to run a large-scale phishing operation. The group, which federal law enforcement is calling “Outsider,” has been using Google’s Gemini to build thousands of fake websites, which the FBI says have caused $1.9 billion in losses since July 2023.

Outsider’s scheme works by sending attention-grabbing text messages that get consumers to visit bogus sites. According to the Wall Street Journal, the group has spent the past few years flooding American smartphones with fake texts claiming undelivered packages and unpaid toll fees. The latest scam involves impersonating phone companies.

The ruse starts with a fake alert where Outsider impersonates your mobile carrier. They say that your rewards points are about to expire and to “log in immediately” to claim prizes like free headphones or Apple Watches. But the link included in the message leads to a counterfeit website. Once there, you will be asked to submit a one-time password for your financial institution while the scammers track your keystrokes.

The sites, generated with AI-assisted code, mimic actual carrier websites, making it difficult to differentiate from the real thing. The FBI says the group has created more than 8,000 such sites so far.

Must Read

• Gold Just Pulled Back From Its Record -- Why Some Retirees Are Buying the Dip
• 10 Smart Ways Seniors Are Earning Extra Money
• Two Investing Tools Everyone Needs to Build Wealth

Google says in its lawsuit that it received roughly 55,000 reports of suspicious messages linked to these scams on Android’s default texting app in just a two-week window in May. The company is now asking a federal court in New York to shut down Outsider’s websites and communication channels because the use of Google’s products and logos hurts its public image.

While the case plays out, remember: If you get a text about rewards points expiring, a package held up in transit or an overdue toll — especially one with a link — don’t tap it. Go directly to your mobile carrier’s or bank’s official app or website to check whether anything is actually pending on your account.

Other current scams to watch out for

GLP-1 bait and switch

A telehealth network has allegedly been charging customers hundreds of dollars for compounded GLP-1 drugs they never requested. The network operates under several names — including Zealthy, FitRx, RoenRx and AMRx — registered to addresses linked to the same CEO.

In a pattern documented by Wired Magazine, victims signed up for what appeared to be a modest membership fee before waking up to a charge of $800 or more for a three-month drug supply. The drugs were prescribed by a physician’s assistant they never spoke with, while the cancellation policy only cited vague “privacy” and “supply chain” concerns.

Before signing up for any online prescription service, search the company name alongside words like “scam” or “reviews” and read the cancellation policy before entering your payment information. Also, verify whether the Federal Trade Commission has any active or past actions against the provider at ftc.gov.

Must Read

• Gold Just Pulled Back From Its Record -- Why Some Retirees Are Buying the Dip
• 10 Smart Ways Seniors Are Earning Extra Money
• Two Investing Tools Everyone Needs to Build Wealth

Apple high alert phishing

A phishing campaign targeting Apple users is circulating via phone calls, emails, texts and browser pop-ups, tricking them into handing over their Apple ID credentials or payment details. The messages falsely claim that suspicious activity has put the recipient at risk and instructs them to act immediately or face consequences like deleted photos or unauthorized charges.

The scam works solely off of social engineering. It’s built on urgency, with phrases like “Security Breach Detected” or “Your iPhone Has Been Compromised” showing up on your phone.

If you receive one of these messages, don’t interact with it. Apple is reminding customers that it will never ask users for their Apple Account password or two-factor authentication codes. Instead, to verify everything is alright with your account, go directly to Apple’s account portal or contact Apple through its official support page at support.apple.com Some red flags to watch for are links pointing to any domain other than apple.com, email addresses that don’t end in @apple.com and any message demanding you install an app or hand over a verification code.

Protect your digital life: See Lifelock’s current identity theft plans and get your first year of the standard plan for just $7.99 a month

The most common types of scam you should know

Scammers are constantly upping their game, coming up with new and exciting ways (for them) of fooling their targets. AI-powered scams are one example of this; the technology is being used to reach a larger number of people with increasingly more convincing schemes

But some tricks never run out of style. Most scams fall into a handful of familiar patterns, and many long-standing schemes are still a threat today. They’ve just evolved to better fit today’s digital landscape

1. Imposter scams: Scammers often pose as trusted figures such as government agencies, banks, employers and even friends or family to pressure victims into sending money or sharing personal information
2. Phishing and spoofing scams:
 These scams use emails, texts or phone calls that look like they’re from legitimate organizations. The goal is to trick you into clicking a malicious link, downloading malware or handing over sensitive information
3. Online shopping scams: Fraudsters can create fake online stores or listings with hard-to-find items at unusually low prices. After you pay for an article, what you end up getting might be counterfeit — or it may never arrive in the first place
4. Investment scams: This type of scam often arrives with promises of high returns from crypto, forex or other “exclusive” opportunities. Many involve long-term grooming tactics in which victims are encouraged to invest more over time before losing everything
5. Romance scams: Some scammers try to get into your pocket through the heart. They build a relationship with you on dating apps or social media, then convince you to give up money and assets by fabricating emergencies or investment opportunities

Plans for everyone: Check out Aura’s identity theft options for you and your family, starting at $9 a month when you pay annually

What to do if you’re the target — or victim — of a scam

No one is immune to scams or fraud, but a few consistent habits can reduce their danger and the damage they cause

For starters, be skeptical of unsolicited messages, especially those creating fear or urgency. This might look like an email from your bank threatening to close an account, a text from an online marketplace saying you’ll lose a discount or a call from the IRS claiming they’ll report you to the authorities unless you “act now.”

Scammers love to use this sort of language because it puts you on the spot, which they expect will move you to action

Always verify any requests from an organization by cross-checking with its official phone numbers, email or website. And don’t click any links, download attachments or respond to messages you suspect may be fraudulent. A legitimate organization will not pressure you for instant action or secrecy

Now, if you’ve already sent financial information or money to someone you suspect is a scammer, you’ll need to take a few steps to protect your data and possibly get your money reimbursed. Contact your bank, credit card issuer or payment platform immediately and attempt to stop or reverse the transactions. Make sure to change any relevant passwords and enable multi-factor authentication to safeguard your accounts, too.

Reporting a scam might also help protect others. You can file a report with the Federal Trade Commission and with local authorities at your nearby police department or sheriff’s office. Identity theft victims should also consider temporarily freezing their credit

Lastly, review your financial statements and credit reports regularly, keep your software updated and limit how much personal information you share online. Scammers often rely on publicly available details to make their schemes more convincing

Must Read

• Gold Just Pulled Back From Its Record -- Why Some Retirees Are Buying the Dip
• 10 Smart Ways Seniors Are Earning Extra Money
• Two Investing Tools Everyone Needs to Build Wealth