Scam Watch

This is now the top email threat of 2026. Attackers use AI to craft perfectly written, highly personalized emails that match your company’s tone and style. Over 82% of phishing emails detected in early 2026 were AI-generated, and they have a 60% higher click rate than traditionally written scams. You can no longer rely on poor grammar or awkward phrasing as warning signs.

An email appears to come from your CEO or a senior executive, urgently requesting a wire transfer, gift card purchase, or change to payment instructions. AI is now used to mimic the exact writing style of executives, making these nearly indistinguishable from legitimate messages. Business email compromise caused $2.7 billion in losses in 2024 alone.

A new and rapidly growing threat — up 500% in Q4 2025. You receive an email with a fake invoice, subscription renewal, or security alert urging you to call a phone number. Unlike links, phone numbers bypass email security filters. Once you call, attackers use social engineering to trick you into installing remote access software or revealing credentials.

A scammer compromises a vendor’s email account or spoofs their domain and sends a fraudulent invoice or updated banking details notice. Vendor email compromise attacks rose 66% in 2024, and 72% of employees engaged with test vendor compromise emails in security research — 90% higher than other types of business email compromise.

Microsoft is the most impersonated brand in phishing attacks, accounting for 25% of all brand phishing in 2025, followed by Google at 11%. Emails warn of unusual account activity and link to convincing fake login pages. DocuSign, Adobe, PayPal, and LinkedIn are also frequently impersonated. A compromised Microsoft 365 or Google Workspace account gives attackers access to your entire digital operation.

The IRS flagged these as top threats in its 2026 Dirty Dozen list, published April 2026. Scammers send emails impersonating the IRS, QuickBooks, TurboTax, or Docusign claiming issues with your filing or requesting document review. Clicking links can install malware including ransomware. AI robocalls now mimic IRS agents with voice cloning. The IRS reported over 600 social media impersonators in fiscal year 2025.

Scammers monitor real estate transactions and intercept email communications between buyers, sellers, agents, and attorneys. At a critical moment they send fraudulent wire instructions appearing to come from a legitimate party. Funds sent to the wrong account are rarely recovered. The NJCCIC continues to receive regular reports of these incidents in New Jersey.

A pop-up, email, or phone call claims your computer has a virus or security problem and instructs you to call a number or allow remote access. The caller poses as Microsoft, Apple, or another tech company. Once they have remote access, they install malware, steal data, or demand payment to fix a problem that does not exist.

Scammers pose as the IRS, Social Security Administration, Medicare, FBI, or local government agencies claiming you owe money, are under investigation, or need to verify personal information. In 2025, scammers even impersonated senior U.S. government officials and White House staff to target individuals and their family members.

With over 1.17 million U.S. layoffs in 2025, employment scams are making a significant comeback in 2026. Scammers post fake jobs on legitimate job sites, impersonate real companies, or contact job seekers directly. Goals include collecting personal information, Social Security numbers, or upfront fees for “training” or “equipment.” Some fake jobs ask you to “like” or “rate” content online.