Think Before You Click: 2025’s Biggest Cybersecurity Scams Revealed

Every October, Cybersecurity Awareness Month reminds us that protecting our digital lives is no longer optional — it’s essential. In 2025, the stakes are higher than ever. Cybercriminals are leveraging artificial intelligence (AI), deepfakes, and social engineering to launch increasingly sophisticated attacks. 

To protect personal data or business assets, it is important to know the latest scam trends. Adopting cybersecurity best practices is essential. 

The latest cybersecurity scam trends 

AI-powered phishing and deepfakes 

AI is revolutionizing both cybersecurity and cybercrime. Defenders use this technology to find problems and automate threat responses. Attackers use this technology for harmful purposes.  

Phishing is a type of cyberattack where criminals pretend to be trustworthy entities. These scams often impersonate executives, financial advisors, or customer service agents, making them nearly indistinguishable from legitimate communications. Their goal is to trick people into giving away sensitive information. This information can include passwords, credit card numbers, bank account, or login details.  

Scammers use AI-driven phishing scams for messages that look real. They can also clone voices and make deepfake videos, convincingly replacing or manipulating a person’s face, voice, or actions. These tactics are increasingly targeting retirement accounts and wealth portfolios, tricking victims into approving fraudulent transactions. 

Tip: Always verify unexpected requests through official channels — especially those involving financial decisions. 

Imposter and “wrong number” scams 

Scammers are increasingly posing as banks, government agencies (like the IRS), law enforcement agencies, familiar businesses, or even friends via text or email. One common trick is the “accidental text” scam. With this type of approach, fraudsters start friendly chats to gain trust. Then, they ask for money. 

You might get a text from a number you don’t recognize that simply says, “Hello” or “How are you?” These scams rely on emotional manipulation and familiarity, making them particularly effective. 

One of the signs of scam messages is a quick call for action. The message usually urges you to “Act now.” For instance, a fraudulent text from your bank might say, “Protect your account from fraud now,” and include a malicious link. A recent scam was texts claiming toll money was owed. 

Losses from job scams more than tripled from 2020 to 2023.¹ In the first half of 2024, losses reached over $220 million. Imposter scams may offer a remote or temporary job for an advance fee. They might also provide a fake application to collect data for identity theft.  

Tip: If a message feels off — especially from an unknown number — don’t engage. Verify identities before responding.  

Romance scams 

Romance scams online have surged, especially around holidays like Valentine’s Day. Fraudsters exploit dating apps and social media, using AI-generated images and emotional manipulation to lure victims into sending money or compromising content.  

In 2023, romance and confidence scams (such as the wrong number scam) led to a financial loss of at least $652 million, per an estimate by the FBI.² The number of romance scams increased 14% from 2023 to 2024, reaching a six-year high. 

Tip: Be cautious when forming online relationships. Never send money or personal information to someone you haven’t met in person. 

Crypto and investment fraud 

With cryptocurrency’s popularity, scammers are targeting digital wallets and promoting fake investment opportunities. Scams often use high-pressure tactics to entice victims into making hasty financial decisions. The decentralized nature of crypto makes it harder to trace and recover stolen assets.  

If you get a strange call, text, or email from someone claiming to be with Mercer Advisors, don’t ignore it. If you don’t know their voice or name, contact your wealth advisor. They can help you check if the message is real. 

Tip: Always consult a trusted financial advisor before making investment decisions — especially if the offer seems too good to be true. 

QR code scams and voice cloning  

Malicious QR codes are another rising threat. Scammers embed them in posters, emails, or websites, redirecting users to fraudulent sites that steal credentials.  

Meanwhile, AI-cloned voices in robocalls make phone scams more convincing than ever. Imagine receiving a voicemail that sounds exactly like your manager, urging you to click a link or share sensitive information and later discovering it was a voice cloning scam. 

Tip: Avoid scanning QR codes from unknown sources. Confirm voice messages through a known contact method. 

Tech support scams

Scammers call or send messages claiming to be from a well-known software company and warn of a computer problem. They will then try to get you to pay for a fix that isn’t needed or to gain remote access to your device.  

For example, a text claiming to be from Apple says your phone has 10 viruses and urges you to click a link to clean it.

Tip: Legitimate tech support will never ask for remote access or payment via unsolicited messages. 

How to protect yourself 

Cybersecurity isn’t just about technology, it’s about behavior. Here are practical steps you can take to stay safe: 

• Check before you click: Always confirm requests using official channels. Use the phone number from your bank’s website or printed materials. Don’t trust unsolicited emails, texts, or links. It’s important to be vigilant and report any suspicious activity to the appropriate authorities.  

• Enable multi-factor authentication (MFA): MFA adds a crucial layer of defense. Use app-based MFA whenever possible. Reputable companies with whom you engage may ask you to sign up for MFA. 

• Use strong, unique passwords: Reusing passwords for different accounts weakens defense against data breaches. Yet, 84% of people are reusing their passwords and only 34% are updating them every month.³ Consider using a password manager to create and store complex passwords, such as 1Password or NordPass®. 

• Keep software up to date: Software that’s out-of-date is a hacker’s playground. Enable automatic updates to patch vulnerabilities. 

• Avoid public wi-fi for sensitive transactions: If you must use public Wi-Fi, connect through a secure VPN (virtual private network) that encrypts your internet movements. 

• Stay informed: Follow alerts from trusted sources like the federal government’s FTC, FBI, and CISA organizations. 

Sharing responsibility 

At Mercer Advisors, we’ve taken measures to protect our clients’ transactions through online, phone and video channels. We also have technology and policy safeguards in place inside of Mercer Advisors. See how we protect you: Mercer Advisors Security Measures. 

We approach cybersecurity as a team effort. Our employees must complete training modules annually that cover phishing scams, QR code safety, and multi-factor authentication. These programs aim to create a security-first culture. They also reinforce best practices with simulated phishing tests and short learning sessions. 

Stay vigilant 

Cybersecurity Awareness Month 2025 is a campaign but it’s also a call to action. As cyber threats evolve, our defenses must too. Whether you’re an individual protecting your personal data or a business that’s safeguarding client assets, the key is vigilance. Recognize the signs, question the unexpected, and never underestimate the power of informed skepticism. 

If you have questions about any interactions with Mercer Advisors or want to know more about our security measures, contact your wealth advisor.  

Not a Mercer Advisors client but still have questions about cybersecurity? Let’s talk.