Well, we're a little ways into 2025 and scammers have been busy.

Once again this year, we have a bunch of new scams and new variations on scams that you'll want to be aware of. But the good news is that for most of these, simply knowing about them is enough to protect yourself. So let's just get into it.

Unpaid Tolls Scam Texts

Starting off, we have the unpaid tolls scam. You may have actually gotten a bunch of these by now, I know I have. For this one, you'll get a text message claiming to be from some regional toll paying system like E-ZPass or FasTrak, depending on where you are. It really depends on the area code of the phone number they target. And it'll say that you have "this amount" of unpaid bills and some threat, like they'll suspend your license or you'll have fines if you don't pay up. And it'll have some kind of link to a site where you're supposed to go and pay the fine. Of course, it's a fake phishing site. And when you put in all your payment details, they steal them and run up a bunch of charges on your card.

PayPal “Address Added” Scam Email

Alright next up, we have a scam email involving PayPal, where you get an email saying that an address was added to your account and has a bunch of info about some order you supposedly made, and you're going to be charged for it, something like that. But the crazy thing is, the email actually does come from the real PayPal domain. And then in the body of it, it has an email address you're supposed to contact or a site you're supposed to go to. And eventually they tell you to contact support and download a remote control software thing, and they basically hack you. And the idea is the scammers are trying to trick you into thinking maybe your PayPal email was hacked and they added an address and placed an order to wherever. But in actuality, what happens is there's no order on your account. Apparently it works by them adding a "gift address" to their own account and somehow putting your email address into it, so that it sends a notification to you. But they put the scam message in the address field itself. So this whole message part is actually part of the address box that they filled out.

So that's why it's included in the email.

Windows “Run Command” Scam

Alright next up, we have what I'm calling the "Windows Run Command" scam. This one is going to start off a variety of ways, but it's usually going to involve a scam website that you visit unknowingly. And it gives you instructions saying that for whatever reason or excuse, you need to press the Windows + R shortcut, which will bring up this Run box. And then it says to press Control + V and then Enter, which if you don't know, will paste the command that it copied to the clipboard into the Run box. And then when you press Enter, it runs that command in Windows. You can probably see where this is going. They cleverly add dummy text at the end of the command so that it kind of overflows and you can't see the actual command on the left, which in reality downloads a virus file and runs it on your computer. And then who knows what it does from there. It could be anything. So needless to say, if any website tells you to bring up the Run box and run a command on your computer, do not do that.

Alright moving on real quick. This video is not sponsored, but if you've been enjoying it so far, feel free to share it with friends and family, because the nice thing is they don't actually have to do anything. Simply watching the video and knowing about the scams is enough to protect yourself against them.
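Going back to the Windows Run command scam for a moment: Windows keeps Run box history in the current user's `RunMRU` registry key (`Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU`), so someone cleaning up afterwards can check whether a pasted command was hidden behind dummy text. The following is an added example, not something from the video; the 40-character visible width, the watch list of programs and the sample entries are all constructed assumptions.

```python
import re

RUN_BOX_VISIBLE_CHARS = 40  # assumption: approximate width of the Run box
# Assumed watch list: programs that will run whatever command line they get.
COMMAND_HOSTS = {"powershell", "pwsh", "cmd", "mshta", "wscript", "cscript"}


def program_name(command):
    """First token of the command, without path, quotes or .exe suffix."""
    match = re.match(r'\s*(?:"([^"]+)"|(\S+))', command)
    if not match:
        return ""
    token = match.group(1) or match.group(2)
    name = token.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return name[:-4] if name.endswith(".exe") else name


def review_entry(raw, width=RUN_BOX_VISIBLE_CHARS):
    """Classify one Run history value (RunMRU data ends in a '\\1' marker)."""
    command = raw[:-2] if raw.endswith("\\1") else raw
    program = program_name(command)
    # After a paste the caret is at the end, so only the tail is on screen.
    shown = command[-width:]
    hidden = len(command) > width and program not in shown.lower()
    return {"program": program, "shown_to_user": shown.strip(),
            "suspicious": program in COMMAND_HOSTS and hidden}


def flagged(entries):
    """Entries where a command host was launched but scrolled out of view."""
    return [r for r in map(review_entry, entries) if r["suspicious"]]


# Constructed sample values shaped like exported RunMRU data; the scam
# command itself is deliberately elided.
DUMMY_TEXT = " " * 30 + "Verification ID 7731: I am not a robot"
SAMPLES = [
    "notepad\\1",
    "cmd\\1",
    "C:\\Users\\me\\Documents\\Reports\\2025\\budget-final-v2.xlsx\\1",
    "powershell.exe [download-and-run command elided]" + DUMMY_TEXT + "\\1",
]

if __name__ == "__main__":
    for hit in flagged(SAMPLES):
        print(f"{hit['program']}: user only saw {hit['shown_to_user']!r}")
```

A short `cmd` entry that the user typed themselves is not flagged; only a command host whose name was pushed out of view by trailing text is.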

So feel free to share it, give it a thumbs up, all that good stuff, and let's continue.

“I Accidentally Reported You” Scam

This next scam is usually called the "I Accidentally Reported You" scam, and it's not actually new, but it has been making its way onto more platforms where users have not encountered it yet. Specifically, it's been common for years on Steam and Discord, but apparently has been making its way onto Twitter and likely Facebook and Instagram pretty soon. The way it works is roughly the same regardless of the platform, like this example on Twitter. You'll get a message from a random person with some kind of varying story that always ends up saying, for whatever reason, they mistakenly reported your account. And they'll claim that they got some kind of confirmation email or message saying that your account is going to be banned because they reported you, and they "just want to help to make sure that you don't get mistakenly banned." If you respond, usually the next step involves them telling you to contact another account that's also in on the scam, that will supposedly be some kind of site admin. And when you message them, they'll say that you have to "verify" your account with usually a cash payment. And they'll give whatever excuse for why you need to pay money to verify, and that's the end goal. The truth is that it doesn't even matter if someone did mistakenly report you. Every site's reporting system goes through a review. They're set up to handle false reports, so the logic doesn't really hold up if you think too much about it, but I guess it seems plausible enough for some people.

Shopify Fake Order Scam

Alright moving on, we have another scam that I actually recently got myself and had never seen before, and it's a Shopify fake order scam. What's interesting is I actually got a notification on my phone from the Shopify app. I wish I had screenshotted the notification, but you can see here that it actually puts a fake order in my order history on the Shop app. The notification said something along the lines of, "Your order from Help Center is ready to ship," a normal notification, and when you look at the actual order, it shows that there was a purchase for some nonsensical AI name for about $1,000 and claims that the name of the store is "Help Center", which for me, that was an immediate red flag that it was a scam. However, the scam here was not that an actual order was placed on my account and charged to my card. I checked all that, there wasn't. What seems to have happened is at the same time that I received this order notification, I got an email about a "FedEx" order that was supposed to be shipped and they need to verify something, and this came at the same time and was also claiming to be from "Help Center". In the email, it just said to contact a Gmail address for FedEx. Yeah okay, very legitimate (sarcastic). And who knows where it would have gone from there. Interestingly, there didn't seem to be any way to contact the supposed store in the app. If I clicked on the store, it just opened a blank thing. So I'm not sure if they intended for me to even get the notification or if it was just meant to be the email and that was kind of a side effect. But still, if you get some kind of order confirmation from Shopify and you don't see any actual charges on any of your accounts, you can probably ignore it because they just want you to contact them to supposedly cancel this order and then get a bunch of info from you and do something else.

App Authorization Scams

Alright moving on, next up we have what I would call "App Authorization" scams. For context, you know how some websites let you log in with your Google account or Twitter or whatever, and then it'll say "You give this site permission to see your email address", stuff like that. Or sometimes you're using a service that connects to your Google account. You are asked to give it permissions and see what they are. Well, you need to always be very careful when granting permissions just to log in or grant access and see what those permissions are because sometimes they can be very powerful and effectively control your entire account. This one Twitter user showed how he got contacted by a scammer who sent him what looked like a thing to connect Google Calendar. And it looks like a legitimate Google Calendar app, but it was fake. The scammer just made it the same name with the same icon, and you can see all the permissions that it gives.

So when he authorized what he thought was Google Calendar, then the scammer had complete access to his account and was able to tweet out scams. But this type of scam can also manifest itself in other clever ways. For just one other example, there are these fake Counter-Strike game streams, which supposedly are from professional streamers, and these are impersonations. It's not actually the real person streaming. And it'll have a QR code telling the viewers to scan and get free skins for the game. And then when you go to the site, it says that you have to log in with your Steam account. And again, it grants access to your account where the scammers can steal your entire inventory, which actually has real value.

Notification System Abuse Scams

Next up, I have more examples of ways scammers have been abusing otherwise legitimate email notification systems from websites. Sort of like how the PayPal email came from the actual paypal.com, they'll often do similar things with other sites.

Google Drive “Shared File” Emails

So one example is Google Drive shared file links, where you'll receive a Google Drive notification email that a document was shared with you. And they'll have titled the document such that it has a name that looks like Wells Fargo, or I even got one for a law firm or something. And it's always going to have some kind of urgent message that you have to "visit some site to do whatever". And it'll usually be an attached PDF that links to a phishing site. Now, you might be wondering, "why would they use Google Drive to share a Wells Fargo scam?" And really, it's just to get past the spam filters. A Gmail Drive notification email is a lot less likely to go to the spam filter than if they had just sent it from some random no-name web domain.

YouTube “Private Video” Notifications

This next example is very similar, except they use YouTube private video sharing notifications. So I've gotten some like this recently where it says "a private video was shared with you." And then basically the scammers had uploaded a private YouTube video with a deceptive title, such as in this case, "Changes in monetization policy and check the description". And then if you were to go to that and check the description, it would probably say, "log in here to verify your account," who knows what. And this example targets YouTube creators like myself obviously, but really it could be for anyone. And you can also see that they named the channel "Notification for YouTube Creators" to make it look more legitimate. And again, the reason they do it this way is so that it gets past the spam filter. So just know that simply looking to see, "Oh, well this email came from google.com. It must be legitimate," is not exactly foolproof.

More Legitimate Sounding Scam Messages

Next up, this one is more of a general thing to watch out for. And that is scam and phishing emails that sound way more legitimate than you would think, thanks to AI these days. A specific example that I've been getting, targeted again towards YouTube creators, is fake sponsorship emails like this one claiming to be from NVIDIA. And they go through a whole thing, they definitely had AI just generate it. And I believe eventually they want you to contact them back. They send you some kind of agreement or contract that's a virus. However, I've gotten a ton more of the same type of thing claiming to be from different companies like Sony, Logitech. And again, these are all perfectly well written. And even the Sony one has a nice layout and stuff, but they're completely fake. And I can tell especially because they all come from the same domain, which is just a free email provider. So in this case, checking the "From" address is critical, but just in general, be aware of this. But I've seen other varying examples like invitations to come on a podcast. And it's usually the same thing, they send you a document that you're supposed to open and it's a virus. But it's not always just through email. I've also gotten DMs on Twitter, especially where it'll be a fake PR manager, they claim to be for some company. Like this one is Duolingo and it's even a verified account. Though verified doesn't mean much on Twitter anymore. And if you go onto their account, they literally just retweeted a bunch of posts from the original company they claim to be representing, but they're not associated with them in any way. So for emails, at least you can usually just verify that the email comes from the actual domain associated with the business.

More Realistic Scam Websites

But also thanks to AI, you have to be aware of scam websites that look more legitimate than ever.

Fake Browser Updates

For example, there's recently been a virus campaign claiming to require that you have to update your Chrome browser. And this targets not just Windows, but macOS as well. And you can see that the site looks pretty much exactly the same as the true Chrome website. And if you are on macOS, it even has instructions that are claiming to be helpful, for how to right click and open and run the file and then type in your password. And when you do that, it's a "stealer", they're called. It's a type of malware that steals all your browser session cookies, so that they basically have a carbon copy of all your logins. So they don't even need your passwords. They're already logged into your account when they put it on their computer. So they just steal all your stuff.

General Tips

Alright now finally, some general tips and advice. First of all, I didn't really go over any phone scams besides the texts. But these days, robocalls and scams are so common, I honestly would just not even bother picking up the phone if you're not expecting a specific call, or you have to for your work. The way I see it, if it's important enough, someone will leave a voicemail. And at least on iPhone, you can actually have it just completely silence calls that are from someone not in your contact list and send it immediately to voicemail. You might want to consider enabling that.

Desktop Specific Tips

Next, a couple of tips on the computer side of things.

Google Chrome: Enhanced Security Mode

If you happen to use Chrome browser, I would consider enabling their "Enhanced Protection" feature. This is under "Privacy and Security" and then "Security". And this is just a little bit more real-time and faster at detecting scam websites. It doesn't rely on lists that are updated maybe every several hours. It'll go and check a much more up-to-date list.

Microsoft Edge: Enhanced Security Mode

If you use Microsoft Edge browser, there's a similar setting. This is under "Privacy, Search, and Services", and then look for "Enhance My Security on the Web." And I would set that to balanced. That makes it so it enables extra protections that might break a website, but it'll only do it on sites you don't visit often, which probably makes the most sense.

Microsoft Edge: “Scareware Blocker” Feature

And also Microsoft Edge, but not Chrome, has a new feature called "Scareware blocker", where it'll use AI to detect, again, fake tech support type sites or just scam sites in general. It might not even be on the most up-to-date list of scam sites, but it'll do it on your computer itself and detect that it's a scam potentially. So that's another one you might want to enable.

So hopefully all this was very helpful to you. Let me know what you think down in the comments. Have you encountered any of these?