Imposter scams remain the most reported type of fraud in America for the fifth year in a row, according to new data from the Federal Trade Commission (FTC).
Americans submitted more than 1 million reports of imposter scams in 2025, making them the agency’s top fraud category once again. Victims reported more than $3.5 billion in losses, though the real number is likely much higher since many scams go unreported.
But “imposter scam” is a broad category. It doesn’t tell you what these scams actually look like when they land in your inbox, texts, social media DMs, or phone calls.
To better understand what consumers are encountering every day, McAfee surveyed more than 7,500 people for its State of the Scamiverse report. The results show scammers aren’t just pretending to be one type of person or company. They’re impersonating the brands, services, and people we trust most.
This week’s edition of This Week in Scams is here ahead of the holiday weekend with the 10 most common identities scammers pretend to be.
10. Someone Who “Texted the Wrong Number” (20%)
Common scam: An innocent conversation that turns into something more.
These scams often begin with a harmless message intended for “someone else.” Once you reply, the scammer slowly builds trust over days or even weeks before introducing investment opportunities, romance, or requests for money.
Unlike traditional phishing, these scams don’t always include suspicious links.
Why it works: They feel like genuine human conversations rather than obvious scams.
Learn more about wrong number and pig-butchering scams.
9. Technology Companies (21%)
Common scam: “Your device has been compromised.”
These messages impersonate technology companies or cybersecurity brands, claiming your computer or phone has been infected or involved in a security breach.
Some direct victims to fake technical support, while others encourage downloads of malicious software.
Why it works: Security alerts are designed to grab attention, and convincing impersonation can make fake warnings look legitimate.
Learn more about tech support scams.
8. Banks and Financial Institutions (21%)
Common scam: “We’ve detected suspicious activity on your account.”
Bank impersonation scams create immediate urgency, asking customers to confirm transactions, secure their accounts, or verify their identity.
Many direct victims to fake websites or connect them with fraudulent customer support representatives.
Why it works: Financial security messages naturally demand attention, making people more likely to react before verifying the sender.
Learn more about banking scams and financial fraud.
7. Subscription Services (21%)
Common scam: “Your payment couldn’t be processed.”
Scammers impersonate streaming services, software subscriptions, and other recurring services, warning that your account will be canceled unless you update your payment information.
Why it works: Consumers are used to recurring billing notifications, making these messages blend into everyday digital life.
Learn more about mobile payment and subscription scams.
6. Auto Warranty Providers (22%)
Common scam: “Your vehicle warranty is about to expire.”
One of the oldest impersonation scams is still one of the most common. Fraudsters claim your warranty is ending and pressure you to purchase coverage immediately or provide personal information.
Why it works: Many people aren’t sure when their warranty expires, making the claim difficult to verify on the spot.
Learn more about these types of robocallers.
5. Rewards Programs and Survey Companies (22%)
Common scam: “You’ve won a prize.”
These scams promise gift cards, rewards, or exclusive offers but require you to “verify” your identity or enter payment information to claim them.
Why it works: The promise of something free lowers skepticism, especially when the message appears to come from a familiar brand.
Learn more about survey and prize scams.
4. Retailers and Merchants (26%)
Common scam: Fake invoices for purchases you never made.
Receiving an invoice for an expensive purchase can trigger panic. Scammers count on victims clicking quickly to dispute the charge, often leading them to malicious websites or fake customer support numbers.
Why it works: Consumers naturally want to stop fraudulent purchases as quickly as possible.
Learn more about shopping scams.
3. Payment Services (27%)
Common scam: “Verify your PayPal account.”
Messages claiming there’s a problem with your payment account often direct you to fake login pages designed to steal your username, password, or financial information.
While PayPal is one common example, scammers impersonate many digital payment platforms.
Why it works: Payment notifications are common, and many consumers don’t think twice before signing in to resolve what appears to be a routine issue.
Learn more about mobile payment scams.
2. Social Media Platforms (27%)
Common scam: “Verify your account or it will be suspended.”
Scammers frequently impersonate platforms like Facebook, Instagram, TikTok, or X, claiming there’s unusual activity or that your account violates community guidelines.
The goal is usually to steal your login credentials or two-factor authentication codes.
Why it works: Many people rely on social media for work, business, or staying connected, making the threat of losing access feel urgent.
Learn more about social media scams.
1. Delivery Companies (31%)
Common scam: “Your package couldn’t be delivered.”
Whether you’re waiting for a birthday gift, an online order, or an important package, fake delivery notifications prey on the fact that most people are expecting something to arrive.
These messages often claim there’s a shipping issue, unpaid delivery fee, or missed package and urge you to click a link immediately.
Why it works: Package updates have become part of daily life, making fake notifications feel routine rather than suspicious.
Learn more about delivery scams.
The Common Thread
While these scams may look different, they all rely on the same tactic: impersonation.
“AI has lowered the barrier for creating convincing impersonation scams,” said Abhishek Karnik, Head of Threat Research at McAfee.
“Scammers can now produce professional-looking emails, realistic websites, and even convincing voices or videos at scale. The result isn’t necessarily more scam types, it’s far more believable versions of the scams people already encounter every day.”
That mirrors a broader trend McAfee identified in its State of the Scamiverse research: scams are becoming more realistic, more personalized, and harder to distinguish from legitimate communications.
Americans now receive an average of 14 scam messages every day, spend 114 hours each year deciding what’s real and what’s fake, and one in three say they feel less confident spotting scams than they did a year ago.
How to Protect Yourself From Impersonation Scams
| If you notice this… | ✅ Do this instead |
| A message creates a sense of urgency (“Your account will be suspended,” “Package delivery failed,” “Fraud detected”) | Pause before acting. Scammers want you to make a quick decision before verifying the message. |
| You’re asked to click a link or scan a QR code | Open the company’s official website or app yourself instead of using the link in the message. |
| The message asks you to verify your account, payment information, or identity | Never enter credentials through an unsolicited message. If you’re concerned, contact the company directly using a trusted phone number or website. |
| Someone asks for passwords, one-time verification codes, or payment over text, email, or phone | Legitimate companies won’t ask for this. Don’t share the information, even if the request seems convincing. |
| A “wrong number” text quickly becomes unusually friendly or shifts toward investing, crypto, or money | Stop responding and block the sender. Modern scams often begin as seemingly harmless conversations. |
How McAfee Can Help
With McAfee+, multiple layers work together before any damage is done:
- Scam Detector flags suspicious texts, emails, links, QR codes, and even deepfake videos before you engage
- Secure VPN keeps your data private, especially on public Wi-Fi
- Web Protection helps block risky sites, even if you do accidentally click
- Password Manager doesn’t just help you make unique, strong passwords, it keeps them stored and organized for you
- Device Security helps detect malicious apps or downloads
- Identity Monitoring alerts you if your personal info shows up where it should not, so you can act fast
- Personal Data Cleanup helps remove your information from sites selling it.
- Online Account Cleanup assists in taking down your old, forgotten accounts across the web
- Social Privacy Manager helps you monitor and change privacy settings across your social platforms in just a few clicks
Together, these protections are designed to address the broader range of online risks people face every day.