AI Shield: Android Blocks 10 Billion Scams Monthly as Job Offers & Financial Fraud Surge
Google has released new data detailing the performance of Android’s built-in protection systems designed to combat fraudulent calls and messages. According to the company, these safeguards block over 10 billion suspicious contacts every month, aiming to prevent data theft and user deception before malicious activity can reach its target.
One of the key elements of this defense is the filter for Rich Communication Services (RCS) — the protocol that has replaced traditional SMS. More than 100 million phone numbers have been blocked before they could send even a single message. In addition, the Google Messages app employs a local neural network–based spam filter that automatically moves suspicious texts into the “Spam and Blocked” folder, keeping users free from distraction. Since October, an additional protective feature has rolled out globally: the system now warns users about potentially harmful links within messages, preventing accidental clicks until the content has been verified as safe.
Google noted that the most common scams continue to involve fake job offers. These messages use a tone of trust and promise attractive employment opportunities to extract personal data or banking information. The second most prevalent category consists of financial scams, ranging from fake debt notices and subscription renewals to fraudulent investment opportunities. Other recurring schemes include package delivery scams, impersonation of government agencies, tech support fraud, and romance scams.
An interesting trend identified by Google is the use of group chats for message distribution. In these conversations, multiple recipients are targeted simultaneously, and among them, one or more participants — also controlled by the scammers — act as decoys, creating the illusion of a genuine dialogue to enhance credibility. This strategy reduces skepticism and increases the likelihood that victims will take the bait.
Analysis of activity patterns shows that scammers follow a distinct temporal rhythm: campaigns typically begin around 5 a.m. Pacific Time and peak between 8 and 10 a.m., with Mondays being the most active day — a time when users are often distracted, hurried, and therefore more vulnerable.
The methods themselves range from mass-scale spam to carefully crafted, personalized attacks. The former consists of broad, chaotic attempts to reach as many recipients as possible, using topics such as deliveries, fines, or urgent notifications, often featuring shortened links that mask malicious websites. The latter, by contrast, relies on patience and psychological manipulation: scammers impersonate acquaintances or recruiters, exploit publicly available data, and gradually earn trust before orchestrating financial exploitation — a tactic exemplified by the so-called “Pig Butchering” scheme.
According to Google’s security team, the ultimate goal of all these operations is to extract money or sensitive data, with contact lists often sourced from leaked databases sold on the dark web. Behind these scams lies an extensive underground infrastructure, including SIM-farm suppliers, Phishing-as-a-Service (PhaaS) kits, and mass messaging services — all forming a supply chain that connects cybercriminals to their end victims.
Meanwhile, the dynamics of such attacks continue to evolve. When enforcement tightens in one country, scammers simply relocate operations to another jurisdiction, often without ever moving physically, allowing them to maintain a persistent global presence that adapts fluidly to shifting regulatory environments.
Support Our Threat Intelligence
If you find our technology report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
