Google is actively fortifying its Android platform against widespread scams, detailing the massive scale of its defense efforts. Every month, the company’s built-in protections on Android devices safeguard users globally from over 10 billion suspected malicious calls and messages. On top of that, Google has preemptively blocked more than 100 million suspicious numbers from using Rich Communication Services (RCS), the modern successor to SMS, preventing these scams from even being sent. These actions are part of a continuous effort that has seen the company implement various safeguards in recent years, including using on-device artificial intelligence to automatically filter known spam and move it into a designated “spam & blocked” folder within the Google Messages app.
The company recently enhanced its user protection by globally rolling out safer links in Google Messages. This feature warns users before they click on any URLs in a message that has been flagged as spam, effectively preventing visits to potentially harmful websites unless the user explicitly marks the message as “not spam.”
In terms of the types of attacks being mitigated, Google’s August 2025 analysis of user-submitted reports identified employment fraud as the most prevalent scam category. In these schemes, individuals seeking work are drawn in by fake job opportunities, the true goal of which is to steal their personal and financial information.
Beyond job-related cons, other prominent scam categories include financially-motivated schemes that focus on bogus unpaid bills, subscriptions, and fees, as well as fraudulent investment schemes. The company also noted the presence of scams related to package deliveries, impersonation of government agencies, romance, and technical support. A particularly interesting evolution in tactics is the increasing use of group chats for scam messages, as opposed to direct one-on-one communication.
Google suggested this tactical shift may be intentional, noting that group messages can appear less suspicious to recipients. This effect is often magnified when a scammer includes an accomplice in the group chat to validate the initial message and create the illusion of a legitimate conversation. Furthermore, the company’s analysis found that malicious messages adhere to a “distinct daily and weekly schedule.” Activity typically starts around 5 a.m. PT in the U.S. and then peaks between 8 a.m. and 10 a.m. PT. Mondays generally see the highest volume of fraudulent messages, aligning with the beginning of the workday when recipients are likely to be busier and potentially less vigilant about incoming communications.
Many of these scams share common initial techniques, often starting with a “Spray and Pray” approach. This involves casting a very wide net with the hope of ensnaring a small number of victims by creating a false sense of urgency, for example through lures tied to topical events, package delivery notifications, or toll charges. The primary goal is to rush targets into clicking on malicious links without much thought. These links are frequently shortened using URL shorteners to mask dangerous destination websites, ultimately seeking to steal the victim’s personal information.
Alternatively, scammers employ a more calculated method called “Bait and Wait,” a personalized targeting approach where the threat actor deliberately establishes rapport with a target over an extended period before making their final move. Scams like romance baiting, also known as “pig butchering,” are typical examples of this slower, high-effort category.