Many years ago, the philosopher Phaedrus said, “Things are not always what they seem; the first appearance deceives many; the intelligence of a few perceives what has been carefully hidden.” He couldn’t have possibly imagined today’s world, yet his warning encapsulates deepfakes, one of the greatest threats of modern times. As AI advances, digital disinformation is blurring the lines between fact and fiction.

There is a type of scam where victims are contacted by someone fraudulently posing as a popular trusted entity (e.g., Amazon, U.S. Post Office, etc.), law enforcement, or an intelligence agency that initially claims to have evidence linking the victim to a global, spy-like scam. Initially, the victim is befuddled, clueless and scared. The caller then asks the victim to hold on as they are then passed to one or more purported national law enforcement agencies.

Top tips is a weekly column where we highlight what’s trending in the tech world today and list ways to explore these trends. This week, we’ll look at three common holiday season scams and how to spot and avoid them. ‘Tis the season to be jolly—and wary. The holidays are the time when friends and families come together, make merry, and revel in the festivities.

Cybersecurity researchers are warning about a new breed of investment scam that combines AI-powered video testimonials, social media malvertising, and phishing tactics to steal money and personal data. Known as Nomani — a play on "no money" — this scam grew by over 335% in H2 2024, with more than 100 new URLs detected daily between May and November, according to ESET's H2 2024 Threat Report.

With the exponential expansion of AI, bad actors are frothing at the mouth. Advanced technology for automating social engineering techniques that previously required technical know-how is now within arm’s reach of anyone with a keyboard. Attempts to exploit and deceive are more common than ever, and they are emptying business’s pockets. In 2023, 800 businesses worldwide reported fraud losses totaling 6.5% of their revenue, amounting to $359 billion.

Learn how to spot fake online giveaways like a pro.

Before you prove your humanity to a pop up, make sure you’re not accidentally downloading malware.

Vishing attacks, also known as voice phishing scams, are the newest way for cybercriminals to take advantage of weak spots. What is a vishing strike, though? Vishing is a type of social engineering scam in which people are tricked into giving up private information like passwords, credit card numbers, or business details over the phone or through voice mail. Vishing is different from phishing emails because it involves talking to people in person.