Types of Cyber Crimes and Scams

Business Email Compromise (BEC) is a sophisticated fraud scheme in which criminals impersonate trusted individuals or organizations to trick victims into sending money or sensitive information.

These scams often occur when cybercriminals gain unauthorized access to legitimate email accounts through phishing, social engineering, or other cyber intrusion techniques. Once inside an email account, attackers monitor conversations and insert fraudulent payment requests or instructions, frequently resulting in financial loss. Businesses, vendors and individuals involved in financial transactions can be targeted.

How to Report

If you believe you or your organization may be affected by a BEC incident, act immediately. Quick action may help limit financial loss.

• Contact your financial institution right away and ask them to notify the receiving bank to attempt to stop or recall the funds.
• File a complaint with the FBI’s Internet Crime Complaint Center (IC3) at www.ic3.gov.
• File a police report.

Note: When submitting your report, include complete banking information such as account and routing numbers. After submission, print the IC3 report and keep it for your records.

What We Need from You

To assist with an investigation, you may be asked to provide:

• A timeline of events related to the incident.
• The amount, date, and method of any fraudulent transaction.
• A list of affected email accounts.
• Copies of suspicious or fraudulent emails including the email header and the original email.
• Any known unauthorized access to accounts or systems.
• Technical information about the incident, if available (for example, whether multi-factor authentication (MFA) is enabled and what type).
• Reports from an incident response or cybersecurity firm, if applicable.

(Not all items may apply in every case.)

Best Practices 

• Limit the personal and professional information you share online or on social media. Details such as job roles, birthdays, or family connections can help scammers impersonate trusted contacts.
• Carefully review email addresses, URLs, and message content for misspellings or unusual requests.
• Be cautious with unsolicited emails or text messages, especially those requesting urgent action.
• Do not click links or open attachments from unknown senders.
• Independently verify payment requests or changes to banking information by calling the sender using a trusted phone number.
• Be especially wary of requests that create a sense of urgency or pressure you to act quickly.
• Enable multi-factor authentication (MFA) on email, financial, and online accounts whenever possible.
• Educate employees and family members about common phishing and impersonation tactics.
• Organizations may wish to evaluate whether cyber insurance fits their risk management strategy.

Ransomware is a type of malicious software (malware) that prevents you from accessing your computer by encrypting files, systems, or networks and demands that you pay a ransom (often in cryptocurrency) to restore access or to prevent the release of data they have stolen. Ransomware attacks can cause disruptions to operations and the loss of critical information and data.

You can unknowingly download ransomware onto a computer by:

• Opening a malicious or unexpected email attachment.
• Clicking on phishing links or deceptive advertisements.
• Visiting compromised or malicious websites that contain embedded malware.
• Downloading software, free trials, or browser extensions that contain malware.
• Being exposed to malicious online advertisements.
• Exploitation of unpatched software or hardware vulnerabilities.
• Unauthorized access through compromised or stolen accounts.

How to Report

If you or your organization are victimized by ransomware, act quickly and report the incident.

• File a police report.
• File a complaint with the FBI’s Internet Crime Complaint Center (IC3) at www.ic3.gov.

What We Need from You

• A copy of the ransom note (.hta, .txt, .html, or .info files).
• Sample(s) of encrypted files (under 1MB each; examples: .docx, .pdf, .txt, .jpg).
• The Bitcoin wallet address (or other cryptocurrency addresses) demanded.
• Ransomware email address or contact information provided by the attackers.
• Screenshots of any extortion messages, payment portals, or leaked data warnings.
• A list of affected systems and the impacts on business services.

Do not assume paying the ransom will stop the attack. Payment may lead to additional demands.

• Contact your IT provider.
• Payment does not guarantee files will be recovered and may embolden malicious cyber actors to target additional organizations, encourage other criminal actors to engage in the distribution of malware, and/or may fund illicit activities.
• Maintain offline, encrypted backups of critical data. Test those backups regularly and store them disconnected from networks.
• Create, maintain, and exercise a cyber incident response plan specific to ransomware, including communication and notification procedures, and conduct regular tabletop exercises with stakeholders.
• Implement multi-factor authentication (MFA) everywhere possible, especially for remote access, email, cloud services, and all administrator accounts.
• Keep software, operating systems, hardware, and firmware patched and up to date and prioritize remediating known exploited vulnerabilities.
• Use strong, unique passwords and a password manager.
• Train employees regularly on recognizing phishing, social engineering, detecting suspicious links, and safe browsing habits.
• Organizations may wish to evaluate whether cyber insurance fits their risk management strategy.

A Network Intrusion refers to any unauthorized access or activity on a computer network, device, system, online account, or home network. These incidents compromise the security of data and systems, potentially leading to further attacks like ransomware.

While businesses and organizations are common targets, individuals, families, small businesses, and home users are increasingly affected, often through phishing emails, weak or reused passwords, unpatched devices/software, exposed remote access (like RDP), or compromised accounts.

Having basic cybersecurity awareness and habits is key for everyone to detect, prevent, and respond effectively.

Signs of a Possible Network Intrusion

Watch for these common indicators:

• Unusual logins or account activity from unknown locations, devices, or times.
• Slow device/network performance, unexpected pop-ups, crashes, or unfamiliar programs/files.
• Unauthorized changes to settings, passwords, files, or browser homepages.
• Alerts from email providers, banks, antivirus software, or services about suspicious access.
• New/unexplained accounts, devices on your network, or high data usage.
• Receiving unexpected security notifications or password reset emails you didn't request.
• Unsolicited multi-factor authentication (MFA) requests.
• An unusual increase in email spam or a lack of expected emails.

How to Report

If you suspect or confirm a network intrusion (unauthorized access to your personal accounts, devices, home network, email, or small business systems), act quickly:

• File a police report.
• File a complaint with the FBI’s Internet Crime Complaint Center (IC3) at www.ic3.gov.

What We Need from You

• Provide as much information as possible including what happened.
• A timeline of events related to the incident including dates/times.
• Transaction IDs (If payment was made).
• List of all IP addresses (if known), along with IP logs, application logs, and any other available system or network logs.
• Screenshots of alerts, messages, emails, logs, etc.
• List of affected accounts/devices.

Reporting assists authorities in identifying patterns and offering potential help.

What to Do Immediately If You Suspect an Intrusion

• Disconnect the affected device from the internet (enable airplane mode and turn off Wi-Fi, but avoid powering off, if possible, to preserve evidence).
• Contact your contracted IT provider.
• Change passwords from a trusted, clean device and enable multi-factor authentication (MFA) on all accounts, especially email, bank, and service provider accounts.
• Audit all accounts and usage, including old and new accounts, as well as administrator accounts.
• Run full scans with updated antivirus/anti-malware software.
• Monitor bank/credit card statements and credit reports for fraud; consider placing a credit freeze if needed.
• Avoid using potentially compromised devices for sensitive activities until verified clean or replaced.

Best Practices

Follow these essential steps to prevent network intrusions:

• Use strong, unique passwords for every account; use a password manager and avoid reusing the same password.
• Enable multi-factor authentication (MFA) on all accounts, especially email, banking, and remote access.
• Monitor and evaluate the use of RDP; require multi-factor authentication (MFA) and regularly review access logs.
• Implement network segmentation; keep critical/personal devices separate (work vs. home/smart devices) to contain potential spread.
• Patch and update operating systems, software, apps, firmware, and hardware as soon as updates are available, since many intrusions exploit known vulnerabilities.
• Keep antivirus/anti-malware solutions and endpoint detection and response (EDR) tools updated and active with real-time protection.
• Create and maintain offline, encrypted backups of important files.
• Regularly audit logs and accounts for suspicious or unauthorized activity, disable or delete unused accounts, and maintain logs for periods of up to six months whenever possible.
• Check firewall logs for unusual port usage or unexpected spikes in network traffic.
• Stay vigilant against phishing/social engineering and never click unknown links/attachments; verify urgent requests independently.

A Distributed Denial-of-Service (DDoS) attack is a cyberattack designed to disrupt the availability of a website, network, or online service by overwhelming it with a high volume of malicious traffic. By flooding the target with requests in a short period of time, the attacker exhausts system resources, rendering the service slow, inaccessible, or completely offline.

Unlike a traditional denial-of-service (DoS) attack originating from a single source, a DDoS attack leverages a network of compromised devices, often referred to as a botnet. These devices may include computers, servers, Internet of Things (IoT) devices, routers, and other internet-connected equipment that have been infected with malware and remotely controlled by the attacker.

Common Motivations

DDoS attacks may be used for:

• Extortion (payment demanded to stop the attack).
• Retaliation or harassment.
• Disrupt business operations.
• Damage a company’s reputation.
• Political or ideological motives (“hacktivism”).

In some cases, attackers use diversionary tactics to conceal other criminal activity (network intrusion or data exfiltration).

Impact

The effects of a DDoS attack can be severe and may include:

• Prolonged website or service outages.
• Lost revenue and business interruption.
• Damage to brand reputation and customer trust.
• Increased infrastructure and mitigation costs.
• Potential secondary compromise is used to mask additional intrusions.

In some cases, disruption may last hours. In more significant attacks, impacts can extend for days or longer depending on preparedness and mitigation capabilities.

Some attackers demand payment in cryptocurrency (such as Bitcoin) to prevent or stop a DDoS attack.

How It Works:

• You received an email threatening a DDoS attack.
• The attacker may launch a brief “test” attack to prove capability.
• You are instructed to send cryptocurrency to a digital wallet address.

Cryptocurrency is often requested because it can be harder to trace than traditional payments. However, digital transactions can still be investigated — especially when reported quickly.

Do not assume paying the ransom will stop the attack. Payment may lead to additional demands.

How to Report

If you or your organization is the victim of a DDoS attack, take immediate action:

1. Preserve Evidence
   • Save all threatening emails or messages
   • Record dates and times of disruptions.
   • Retain server, firewall, and network logs.
   • Document the duration, scope, and any ransom or extortion demands.
   • Avoid altering affected systems unless necessary for restoration.
   • Keep any cryptocurrency wallet addresses or transaction information.
2. Contact Your Service Providers
   • Notify your Internet Service Provider (ISP).
   • Contact your web hosting or cloud service provider.
   • Ask about DDoS mitigation tools or DDoS scrubbing services.

   3. Notify Law Enforcement

   • File a police report.
   •  File a complaint with the FBI’s Internet Crime Complaint Center (IC3) at www.ic3.gov.

What We Need from You

Note: If the attack is significant and disrupts operations and/or the attack involves extortion, cryptocurrency demands, or significant financial impact, report this clearly in your complaint.

Include:

• Copies of any threatening communications.
• Cryptocurrency wallet addresses.
• Transaction IDs (if payment was made).

Early reporting increases the likelihood of identifying the responsible parties and preventing further victims.

Best Practices

Organizations can reduce risk and limit impact by implementing the following measures:

Technical Safeguards

• Deploy DDoS mitigation services or content delivery networks (CDNs).
• Use web application firewalls (WAFs).
• Keep software and systems updated.
• Disable unnecessary open ports and services.

Monitoring & Detection

• Implement continuous network monitoring and regularly review system logs.
• Set up automated alerts for unusual traffic spikes.
• Establish normal traffic patterns (baseline monitoring).

Prepare a Response Plan

• Develop and maintain a DDoS response plan.
• Identify key contacts at your ISP and hosting provider and consider having secondary ISPs or cloud providers for redundancy.
• Train staff to recognize extortion emails (tabletop exercises, simulation scenarios).
• Establish internal communication protocols for employees and customers.
• Maintain secure backups and continuity plans.

Risk Reduction Measures

• Secure IoT and network-connected devices.
• Use strong authentication and administrative controls.
• Segment critical network resources.
• Maintain secure backups and business continuity plans.

Social engineering involves psychological manipulation to trick individuals into revealing sensitive information, granting access, or transferring cryptocurrency. Criminals exploit trust, fear, urgency, or greed rather than technical vulnerabilities, often leading to irreversible losses due to the fast and borderless nature of cryptocurrency transactions.

These crimes frequently combine social engineering tactics with digital assets, resulting in fraud, theft, account takeovers, or money laundering. Offenders may impersonate trusted entities (banks, government agencies, exchanges, or authorities), build false relationships, or create high-pressure scenarios to:

• Convince victims to send cryptocurrency to fraudulent wallets.
• Obtain login credentials, private keys, or seed phrases for wallets/exchanges.
• Trick victims into "investing" in fake platforms or schemes.
• Impersonate celebrities or trusted figures using deepfakes to promote fraudulent schemes.
• Convince users to “update” wallet software through malicious links.
• Offer fake airdrops, sometimes including links to malicious websites.
• Exploit malvertising or look-alike browser extensions to deceive users into installing malicious tools or visiting fraudulent sites.

Common examples include investment scams promising high returns, romance scams evolving into crypto requests, tech support scams threatening account freezes unless crypto is sent, and impersonation frauds.

Phishing, Smishing, Vishing, and Spoofing

These are core social engineering delivery methods in cryptocurrency scams:

• Phishing: Fraudulent emails, websites, or links impersonating legitimate companies, such as exchanges or wallets, to steal credentials or prompt transfers.
• Smishing: Text messages (SMS) urging victims to click malicious links, share details, or send cryptocurrency, often with urgent claims like account issues or rewards.
• Vishing: Phone calls or voicemails where scammers impersonate officials, support teams, or trusted contacts to extract information or request crypto payments (increasingly using AI-generated voices for realism).
• Spoofing: Faking caller IDs, email addresses, or websites to appear legitimate, enabling the above tactics.

These methods lead to rapid, hard-to-recover losses, with recent trends showing AI enhancement, such as deepfakes, which amplifies their impact.

How to Report

1. Preserve evidence immediately by saving all relevant communications (emails, texts, call logs, voicemails, social media messages) and take screenshots. Document transaction details, including amounts sent, wallet addresses, transaction IDs/hashes, dates/times, and total financial losses.
2. Secure your accounts by changing passwords immediately, enable multi-factor authentication (MFA), and contact your cryptocurrency exchange, wallet provider, or bank if funds were transferred or accounts compromised. Freeze or monitor affected accounts.
3. Notify Law Enforcement

• File a police report.
• File a complaint with the FBI’s Internet Crime Complaint Center (IC3) at www.ic3.gov.

What We Need from You

• Include all preserved evidence.  
• Cryptocurrency wallet addresses.
• Transaction IDs (If payment was made).
• Loss amounts.
• If a crypto ATM was used – provide receipts, QR codes, location of the ATM, and date/time of the transaction.
• Platform used, such as Coinbase, and any related malicious website links.

Early reporting aids investigations, trend tracking, potential fund tracing/recovery, and helps prevent further victimization.

Best Practices

• Verify any unsolicited request for cryptocurrency, credentials, or urgent action independently by using official contact methods (not provided links/numbers) and never act under pressure.
• Be extremely cautious of urgent, threatening, secretive, or "too-good-to-be-true" messages promising high returns, rewards, or account fixes.
• Avoid clicking suspicious links, opening attachments, or scanning QR codes from unknown sources.
• Never share passwords, private keys, seed phrases, recovery phrases, verification codes, or personal/financial details with anyone.
• Use reputable, well-reviewed cryptocurrency exchanges and hardware/security-focused wallets; enable strong MFA and monitor accounts regularly.
• Educate yourself and others (family, employees) on evolving scam tactics, including AI deepfakes and impersonation trends.
• Limit personal information shared on social media to reduce targeting for tailored attacks.

Reporting promptly and following these practices significantly reduces risks and supports broader efforts to combat these prevalent cryptocurrency-related threats.

Cryptocurrency investment fraud, often called “pig butchering,” is a sophisticated scam where fraudsters build trust with victims over time through social media, dating apps, or fake investment platforms. Once the victim is “fattened up” with false promises of high returns, they are encouraged to invest large sums of cryptocurrency. Victims quickly discover that withdrawals are blocked, and the scammers disappear with the funds.

Red flags:

• Unsolicited investment offers, guaranteed high returns, or pressure to invest quickly.
• Requests to move money into cryptocurrency wallets.
• Links to development or experimental applications, such as .DEV apps, which may be used to deploy malicious platforms or fake investment tools.

Mitigation:

• Be skeptical of unsolicited investment opportunities, especially those involving cryptocurrency.
• Verify investment platforms through independent research, regulatory registrations, and reputable app stores.
• Avoid installing or interacting with unverified .DEV apps or development platforms offered by strangers.
• Never send cryptocurrency to individuals you have only met online.
• Avoid “guaranteed” returns and consult a licensed financial professional before investing.
• If you suspect fraud, stop communication immediately and report the incident to your financial institution and appropriate authorities.

Criminals create a fraudulent email that appears to originate from a trusted or familiar source, such as a regular vendor, a title company, or a company executive (like the CEO or another official). The sender's account may have been compromised (hacked) or spoofed (faked to look legitimate), and the message typically contains instructions to wire funds, update payment details, or take some other urgent financial action.

Red flags:

• Emails relying on social engineering to exploit trust and urgency, often bypassing normal verification steps.
• Examples include:

• A vendor's email being used (or mimicked) to request changes to payment information.
• A title company's compromised account directing funds for a real estate closing.
• An executive's spoofed or hacked email demanding an immediate wire transfer for a "confidential" or time-sensitive matter.

Mitigation:

• Implement dual-approval processes for wire transfers and payment changes.
• Always verify changes to payment instructions using a known, separate communication method (a phone call to a trusted number).
• Do not share wire instructions via email if possible.
• Train employees on social engineering tactics.
• Use multi-factor authentication (MFA) and monitor for domain spoofing or unusual login activity.

Fraudsters impersonate influencers, celebrities, or companies to solicit cryptocurrency donations or payments.

Red flags:

• Unverified social media accounts requesting crypto.
• Offers that seem “too good to be true.”
• Requests for private keys or wallet access.

Mitigation:

• Verify accounts using official verification badges.
• Never share private keys, seed phrases, or wallet credentials.
• Report impersonation accounts immediately.

Hackers take over phone numbers to bypass MFA and steal cryptocurrency, financial assets, or personal data.

Red flags:

• Unexpected loss of cell service.
• Alerts about SIM or account changes you didn’t request.
• Password reset emails or unusual verification codes.

Mitigation:

• Set up a unique account PIN or passcode with your mobile carrier.
• Enable SIM/number lock or port-out protection.
• Avoid SMS-based MFA for high-value accounts; use authenticator apps or hardware security keys.
• Secure your email account with strong MFA.
• Limit publicly available personal information.
• Contact your carrier immediately if SIM swapping is suspected.

Scammers impersonate legitimate companies and offer “work-from-home” or cryptocurrency-related jobs. Victims are often asked to deposit their own money to buy software, pay processing fees, or fund transactions as part of the job. Once the money is sent, the scammer disappears.

Red flags:

• Upfront payment required for a “job.”
• Unsolicited job offers, especially via social media or messaging apps.
• Requests for cryptocurrency transactions or transfers.
• Recruiters using free email accounts instead of official company emails.

Mitigation:

• Never pay upfront fees for a job or send cryptocurrency as part of employment duties.
• Verify job offers directly through the company’s official website and contact information.
• Research the company independently before responding to offers.
• Be cautious of recruiters using free email accounts or messaging apps only.
• Do not share personal or financial information until the legitimacy of the offer is confirmed.

Ransomware is malicious software that locks or encrypts a victim’s files, demanding payment, often in cryptocurrency, to regain access. Ransomware attacks are increasingly targeted, sophisticated, and costly, sometimes affecting entire organizations.

Red flags:

• Unexpected messages demanding payment to restore access.
• Encrypted files or blocked access.
• Threats of public data release.

Mitigation:

• Regularly back up important data using secure, offline, or cloud-based backups.
• Keep systems and software updated with security patches.
• Use reputable antivirus and endpoint protection tools (EDR).
• Avoid clicking suspicious links or attachments.
• If infected, disconnect the device from the network immediately and contact IT or cybersecurity professionals.
• Do not pay the ransom without consulting law enforcement or cybersecurity experts.

Scammers form emotional relationships online through dating apps or social media, eventually requesting money or cryptocurrency from the victim. These schemes can last weeks or months before the scammer makes their move.

Red flags:

• Requests for money or cryptocurrency.
• Secrecy or pressure preventing in-person meetings.
• Rapid emotional attachment.

Mitigation:

• Avoid sending money or cryptocurrency to someone you have not met in person.
• Be cautious of rapid emotional attachment or requests for secrecy.
• Conduct reverse image searches of profile photos to detect fake identities.
• Discuss concerns with a trusted friend or family member before sending funds.
• Report suspicious profiles to the platform.

Spoofing and phishing scams trick victims into giving sensitive information, such as account passwords, PINs, or private keys. These attacks may appear as emails, text messages, or websites from trusted organizations.

Red flags:

• Unexpected messages requesting login credentials or cryptocurrency transfers.
• Poor grammar and urgent warnings.

Mitigation:

• Do not click links or download attachments from unexpected messages.
• Verify requests for sensitive information by contacting the organization directly using official contact details.
• Enable multi-factor authentication (MFA) on all accounts.
• Use strong, unique passwords and consider a password manager.
• Report phishing emails to your IT/security team.

Scammers pose as tech support representatives from legitimate companies, claiming there’s a problem with your device or account. They trick victims into granting remote access or paying fees, often resulting in theft of cryptocurrency or personal information.

Red flags:

• Unsolicited tech support calls, pop-ups, or messages.
• Urgent threats.
• Requests for remote access.

Mitigation:

• Do not respond to unsolicited tech support calls, pop-ups, or messages.
• Never grant remote access to someone who contacts you unexpectedly.
• Contact the company directly using official website contact information if you believe there is a legitimate issue.
• Install updates only from verified sources and use reputable security software.

Criminals impersonate toll authorities and threaten victims with fines for unpaid tolls, demanding immediate payment, often via prepaid cards or cryptocurrency.

Red flags:

• Threatening messages or calls.
• Pressure to pay immediately.
• Requests for unconventional payment methods.

Mitigation:

• Do not click links in unexpected toll payment messages.
• Verify unpaid toll claims directly through official toll authority websites or customer service.
• Avoid making payments via cryptocurrency, prepaid cards, or unfamiliar links.
• Report fraudulent messages to the toll authority and your mobile carrier.

Scammers claim you missed jury duty or need to pay fines to avoid arrest. They pressure victims to send money or cryptocurrency.

Red flags:

• Threats of arrest.
• Unsolicited calls or emails.
• Instructions to pay quickly.

Mitigation:

• Courts do not demand immediate payment by phone or cryptocurrency.
• Independently verify claims by calling your local court using publicly listed contact information.
• Do not provide personal or financial information to unsolicited callers.
• Hang up on threatening calls and report them to local authorities.

Scammers exploit grieving pet owners by using three common tactics: posting AI-generated photos of the “lost” pet and demanding money via Cash App, gift cards, or cryptocurrency; contacting victims who posted about their missing animal and posing as a professional K-9/drone search service that requires upfront payment; or claiming they have located the pet and that it is undergoing emergency veterinary treatment, then pressuring the victim to send money to cover fake bills. In every case, the money disappears and the pet is never recovered.

Red flags:

• Social media posts or ads featuring suspiciously perfect or AI-generated pet photos asking for immediate payment through Cash App, gift cards, or crypto.
• Unsolicited messages offering paid “search services” that mention K-9 dogs, drones, or other high-tech equipment in exchange for money upfront.
• Claims that your lost pet has been found and is at a local vet needing emergency care, with a demand to send funds right away to “cover the bill.”

Example Message:

Mitigation:

• Do not respond or send any money—no matter how convincing the story or photo appears.
• Preserve all messages, posts, and payment requests as evidence.
• Verify every claim independently by contacting local animal shelters, veterinarians, or using official lost-pet registries and microchip databases.
• Report suspicious posts or contacts immediately to the social media platform, Cash App/gift card issuers, and local law enforcement.
• Post lost-pet notices only through trusted local channels and avoid sharing personal contact or financial details publicly.

Fraudsters impersonate the FBI or other law enforcement agencies, claiming the victim is under investigation for involvement in child pornography or other crimes. They demand cryptocurrency, gift card payments, or other financial transfers to avoid arrest.

Red flags:

• Claims of criminal investigations.
• Threats of immediate arrest.
• Requests for cryptocurrency, prepaid cards, or other financial payments.

Mitigation:

• Law enforcement agencies do not demand payment via cryptocurrency, gift cards, or money to avoid arrest.
• Do not respond or send money.
• Verify claims by contacting the agency directly using official government websites.
• Preserve the message as evidence and report the scam to the appropriate authorities.

Scammers promote fake cryptocurrency giveaways on social media, promising larger returns if the victim sends crypto.

Red flags:

• Requests to send cryptocurrency upfront.
• Promises of “double your crypto” or high returns.
• Urgency or countdown timers.
• Messages from unverified social media accounts.

Mitigation:

• Never send cryptocurrency for giveaways.
• Verify accounts through official, verified profiles.
• Be cautious of countdown timers or urgency tactics.
• Report fraudulent accounts to the social media platform.

Scammers threaten to release intimate content unless they are paid, often demanding cryptocurrency.

Red flags:

• Emails claiming device or webcam compromise.
• Messages including old passwords to appear legitimate.
• Demands for crypto payment within deadlines.

Mitigation:

• Do not respond or pay.
• Preserve messages as evidence.
• Change reused or compromised passwords and enable MFA.
• Run security scans.
• Report threats to IT/security teams or law enforcement if applicable.

Malware secretly mines cryptocurrency or steals wallet credentials.

Red flags:

• Device running unusually hot or slow.
• High CPU or network usage without reason.
• Unexpected pop-ups or unknown programs.
• Suspicious browser extensions.

Mitigation:

• Install reputable antivirus and anti-malware software and keep it updated.
• Avoid downloading software from untrusted sources.
• Regularly update operating systems, browsers, and extensions.
• Remove suspicious browser extensions.
• Monitor device performance and network usage.

Fraudsters use social media platforms to post fake products or services, requesting crypto or other payments.

Red flags:

• Deals posted by unverified or new accounts.
• Requests for irreversible payments like cryptocurrency.
• Listings that seem “too good to be true.”
• Pressure to act quickly or avoid platform protections.

Mitigation:

• Conduct transactions within official platform payment systems.
• Avoid sending cryptocurrency to unknown sellers.
• Verify seller profiles, reviews, and account history.
• Be cautious of pressure to move conversations off-platform.
• Meet locally in safe, public locations for in-person exchanges.

Scammers use AI-generated audio or video to impersonate someone and request cryptocurrency or account access.

Red flags:

• Audio/video messages requesting immediate payment.
• Behavior inconsistent with the person being impersonated.
• Pressure to bypass normal verification or approval processes.

Mitigation:

• Verify unusual payment or sensitive requests using a secondary communication method.
• Establish internal verification procedures for financial transactions.
• Be cautious of urgent AI-based requests.
• Train employees and family members to recognize deepfake/AI impersonation tactics.

Scammers are targeting older adults by pretending to be a grandchild or loved one in distress, urgently asking for help—usually money. These criminals are skilled at creating emotional panic, and they often know just enough personal information to sound believable.

Some scammers even use voice-cloning technology or artificial-intelligence who make the calls or text messages even more believable.

This scam is heartbreaking and effective because it preys on trust, fear, and family bonds. If you or someone you care about receives a call or text like this—slow down, verify, and don’t send money.

Common Tactics

• Pretend to be a grandchild, niece/nephew, or close family member
  • They've done their homework and use relatives names
• Say they’ve been arrested, in an accident, or detained while traveling
• Claim they can’t talk openly because they’re embarrassed or it’s “urgent”
• Often have background noise or someone else posing as a lawyer, doctor, or police officer
• Beg you not to tell anyone else, saying it will get them in trouble or make things worse
• Request money via:
  • Gift cards
  • Wire transfers
  • Cash in the mail
  • Cryptocurrency

 Warning Signs

• The call starts with “Grandma/Grandpa, do you know who this is?” to get you to say a name
• The caller seems rushed, panicked, or avoids giving too many details
• You’re told not to call other family members
• Payment is requested in an unusual way (especially gift cards or wire transfers)
• The caller uses vague phrases like “I’m in trouble,” “I need help,” or “Don’t tell Mom and Dad”

What Not to do

• Don’t assume it’s your family member just because they sound upset
• Don’t provide personal information over the phone
• Don’t send money, gift cards, or banking details
• Don’t let emotion override your judgment

What You Can Do

• Stay calm and hang up if something feels off
• Call or text the actual family member directly to confirm their safety
• Report the scam to the Federal Trade Commission at reportfraud.ftc.gov
• Report the scam to the Internet Crime Complaint Center at IC3.gov
• Check with another relative to verify any claims, despite the request not to

There is a fraudulent citation notice that appears to come from the Clark County Clerk’s Office. The document claims the recipient failed to appear for jury duty and must pay a $600 citation fee. It looks official, referencing the Regional Justice Center, using real names of county officials, and even listing court addresses—but it’s completely fake.

The Clark County Clerk does NOT issue citations of any kind, and anyone who receives this document should not send payment or provide any personal information. If you’ve received this or something similar, do not send any money, and spread the word to protect others from falling victim to this scam.

Common Tactics

• Send official-looking citations claiming failure to appear for jury duty
• Reference real locations like the Regional Justice Center and Clark County court officials
• Impersonate actual employees or judges using names that are publicly available
• Include a “citation fee” (in this example, $600) with instructions to pay to avoid legal consequences
• Use legal-style formatting and seals to mimic official documents
  • Upon closer inspection, the County Seal appears to be AI-generated

Warning Signs

• The document says it’s from the Clark County Clerk but demands a payment or fine
• It includes threats like prosecution or legal penalties for not paying
• Claims you’ll be compliant if you “pay now” to avoid further court action
• Contains poor grammar or typos, such as “mandated orders by the szte”
• Lists a fake or altered citation number
• Arrives by mail or email with no prior court contact

What not to do

• Don’t send any money or attempt to pay the fine
• Don’t follow payment instructions listed on the document
• Don’t call any numbers provided without verifying them independently
• Don’t give out personal or financial information

What You Can Do

• Do NOT pay—this citation is not real
• Verify any court-related notice by contacting:
  • The Clark County Clerk’s Office directly: clarkcountynv.gov
  • Contact The Regional Justice Center or jury services for your case status
• Report the scam to the Federal Trade Commission at reportfraud.ftc.gov
• Report the scam to the Internet Crime Complaint Center at IC3.gov
• Warn family, friends, and neighbors—especially those more likely to trust official-looking paperwork

We want to make you aware of a scam that’s been hitting phones across the Las Vegas Valley. Fraudulent text messages are going out pretending to be from the Nevada DMV, claiming you have an unpaid traffic ticket or violation. They threaten to suspend your license, cancel your registration, or even hurt your credit score if you don’t pay right away through a sketchy link.

Examples of text messages:

Common Tactics

• Pretend to be from the Nevada DMV or use similar language
• Indicate you have an unpaid traffic ticket or violation
• Reference fake Nevada laws or administrative codes (e.g., “15C-16.003”)
• Claim you must pay by a specific date or face:
  • Suspended license or registration
  • Legal action or arrest
  • Negative credit score impact
• Include suspicious links (e.g., URLs ending in .vip, .live, etc.)
• Use intimidating language and urgency to pressure quick action
• Send messages from foreign phone numbers, such as those starting with +63 (Philippines)

Warning Signs

• Unexpected texts about traffic violations you’ve never received
• Highly suspicious links
• Spelling and grammar errors or awkward sentence structure
• Claims that your driver’s license will be suspended immediately
• Messages that threaten legal action or financial penalties
• Any request for payment via a link in a text message
• Messages urging you to reply to confirm or proceed

What Not to Do

• Don’t click any links in the message
• Don’t reply—even with "STOP" or "Y"
• Don’t provide any personal, financial, or vehicle information
• Don’t assume it’s real just because it uses official-sounding terms
• Don’t send money or gift card payments

What You Can Do

• Verify communications directly with the DMV by contacting the Nevada DMV
• Report the scam to the Federal Trade Commission at reportfraud.ftc.gov
• Report the scam to the Internet Crime Complaint Center at IC3.gov
• Mark it as junk/spam on your phone
• Ignore and delete the message
• Warn friends and family about this scam!

We are aware of a disturbing scam involving individuals impersonating LVMPD officers—including high-ranking officials. Victims have reported receiving phone calls and text messages from individuals claiming to be with LVMPD, complete with spoofed phone numbers, badge numbers, and even the names of real officers and command staff.

These scammers are convincing and calculated. They often claim you’ve missed jury duty, are involved in an identity theft investigation, or owe fines for traffic violations or outstanding warrants. The message is urgent: pay immediately—or face arrest. Victims are then instructed to transfer money via gift cards, wire transfers, or cryptocurrency to "resolve the issue."

Common Tactics

• The caller or texter claims to be a LVMPD officer or high-ranking official
• You’re told there is a warrant for your arrest or legal action pending
• You're instructed to stay on the phone, keep the matter confidential, and pay using gift cards, cryptocurrency, or bank transfers
• The caller becomes aggressive or uses intimidation tactics to scare you into compliance

Warning Signs

• You receive an unexpected call or text from someone claiming to be with LVMPD
• The caller says you missed jury duty, are involved in identity theft, or have outstanding warrants
• The caller demands immediate payment to avoid arrest or legal action
• You're instructed to pay using gift cards, wire transfers, or cryptocurrency
• The caller uses urgent, threatening language to pressure you into acting quickly
• The phone number appears to come from LVMPD, but it’s spoofed (fake caller ID)
• They provide real names or badge numbers of actual LVMPD employees
• You’re told to stay on the line and not contact anyone else during the call
• You receive texts or fake documents designed to look official
• The caller insists the matter is confidential and shouldn’t be discussed with others

What Not To Do

• Do not send money in response to a call or text from someone claiming to be LVMPD or any law enforcement agency without calling to verify first.
• Do not purchase gift cards or cryptocurrency to resolve a supposed legal issue
• Do not wire money or share banking information over the phone
• Do not trust the caller ID or assume the number is legitimate
• Do not share personal details like your Social Security number or date of birth
• Do not stay on the line if the caller tries to keep you from contacting anyone else
• Do not respond to threatening language or scare tactics
• Do not click on links or download attachments from unknown texts or emails
• Do not believe a caller or texter just because they give you a real officer’s name or badge number
• Do not keep the call confidential if they tell you not to discuss it with family or law enforcement

What You Can Do

• Hang up and do not respond to suspicious messages
• Verify the claim by calling LVMPD’s non-emergency line at (702) 828-3111
• Report the scam to the Federal Trade Commission at reportfraud.ftc.gov
• Report the scam to the Internet Crime Complaint Center at IC3.gov
• Warn others, especially seniors, who are often targeted

Scammers are impersonating court officials, or members of federal agencies to convince victims they have an outstanding warrant for their arrest—often for missing jury duty, failing to appear in court, ignoring a subpoena or in violation of a traffic or parking infraction. These fraudsters frequently use spoofed phone numbers to make it appear as though the call or text is coming from a legitimate agency, including the Las Vegas Metropolitan Police Department, local courts, or even the FBI or Secret Service.

Once they have the victim on the phone or contacted via text, scammers often pressure them with urgent threats of arrest, license suspension, or other legal consequences unless a fine is paid immediately. They may instruct victims to remain on the phone and withdraw money, purchase prepaid gift cards, or transfer cryptocurrency to “resolve the matter.”

Example Message:

Common Tactics

• Spoofed caller ID showing police or government agency names
• Use of real names or badge numbers (sometimes of actual officers or officials found online)
• Demanding immediate payment via gift cards, wire transfers, cryptocurrency, or peer-to-peer apps
• Instructing victims not to tell anyone, claiming it's a "confidential legal matter"
• Threatening arrest, jail time, or law enforcement coming to your home or workplace

Warning Signs

• You receive a call or text about a warrant you know nothing about
• The caller or texter demands payment over the phone or through a suspicious link or website
• You’re told to pay using gift cards, cryptocurrency, or other non-traditional payment methods
• You're asked to stay on the phone throughout the process and not contact anyone else
• Threats of immediate arrest or legal action if you don’t comply

What Not To Do

1. Law Enforcement/Government WILL NEVER ask for credit/debit card/gift card numbers. Do not provide this information to anyone
2.  Law Enforcement/Government WILL NEVER ask for your bank routing and account numbers for wire transfers. Do not provide this information to anyone
3. Law Enforcement/Government WILL NEVER ask for Bitcoin or other cryptocurrency deposits for any purpose

NEVER divulge personal or financial information to unknown callers or texters

What You Can Do

• Stay calm and hang up. Legitimate agencies will never demand money or payment information over the phone
• Do not send money or provide personal information
• Verify the claim by calling the court directly using a publicly listed number or contact your local law enforcement agency
• Check area courts websites by searching your name for cases and the status of any warrants
• Report the scam to the Federal Trade Commission at reportfraud.ftc.gov
• Report the scam to the Internet Crime Complaint Center at IC3.gov
• Warn friends and family, especially older adults, who are frequent targets of these scams