AI is supposed to make the internet easier. But right now, it’s also making scams easier.
Every week, we round up the biggest scam and cybersecurity stories of the moment so you can recognize red flags, protect your accounts, and avoid the most common traps scammers are using.
This week in scams, we’re talking AI-powered search scams, a major fintech data breach, and an unexpected ticket fraud scheme that allegedly cost the Louvre millions.
Let’s jump in:
Google AI Overviews Are Being Used to Scam People Out of Money
Google Search doesn’t just show links anymore. Now, it often shows AI-generated summaries at the top of the page called AI Overviews, quick answers designed to save you time.
But according to reporting from WIRED, scammers are finding ways to exploit these AI summaries by planting fake customer support phone numbers into search results.
Here’s how the scam works: Someone searches for a bank, airline, or service provider, usually something like “Company name customer support number.” Then Google’s AI Overview pulls a phone number from somewhere online and displays it as if it’s legitimate.
The problem? Sometimes that number doesn’t connect you to the company at all.
Instead, it connects you to a scammer impersonating customer service, someone trained to sound helpful, calm, and official, while quietly steering you toward sharing payment information, account details, or verification codes.
This isn’t just misinformation. It’s a direct path into fraud.
Google told WIRED it’s working to strengthen anti-spam protections in AI Overviews, but also recommends users double-check customer support numbers through additional searches.
Key red flags to watch for
- The AI Overview provides a phone number without clearly showing where it came from
- The “support agent” asks for payment information immediately
- The person asks for your login credentials, bank info, or verification codes
- The caller pressures you to act quickly (“your account will be frozen”)
- The number doesn’t match what’s listed on the company’s official website
How to protect yourself
If you’re looking for a customer support number, don’t rely on an AI summary.
- Go directly to the company’s official website and find their contact page
- Verify the phone number through multiple sources
- If the person on the phone asks for passwords or MFA codes, hang up immediately
- Treat any urgency or threats (“you must act now”) as a scam signal
The big lesson: AI can summarize the internet, but it can’t always verify the truth.
Data Breach Watch: Fintech Firm Figure Exposes Nearly 1 Million Accounts
If you’ve applied for a loan, worked with a fintech service, or interacted with a home equity platform recently, this one is worth paying attention to.
According to BleepingComputer, fintech company Figure Technology Solutions was breached in a social engineering attack, with hackers reportedly stealing personal data tied to nearly 967,200 accounts.
The exposed data reportedly included names, email addresses, phone numbers, physical addresses, and dates of birth. And that’s exactly what scammers use to build believable impersonation attempts.
Why this matters
Even if you’ve never heard of Figure, data breaches like this can ripple outward fast. Once scammers have your email, phone number, and date of birth, they can launch more convincing scams like:
- Fake “account verification” calls
- Fraudulent loan or credit applications
- Phishing emails pretending to be financial institutions
- Identity theft attempts using your personal details
And because this breach was reportedly caused by social engineering, it’s also a reminder that the weakest link in security isn’t always technology, it’s human trust.
Key red flags to watch for after a breach
- Calls claiming your loan account needs immediate verification
- Emails asking you to “confirm your identity” using a link
- Messages that include personal details to sound legitimate
- Fake financial support agents asking for payment or login credentials
What to do right now
- Change passwords (especially if you reuse them across accounts)
- Turn on multi-factor authentication where possible
- Monitor your credit report for unusual activity
- Be skeptical of unexpected financial messages, even if they seem personalized
After breaches like this, scammers often wait weeks or months before striking, because they know people stop paying attention.
A Scam at the Louvre Allegedly Cost $12 Million
Not every scam story is about malware or phishing links. Some are about old-fashioned fraud, executed at a scale that feels almost unbelievable.
According to reporting from The New York Times, French investigators uncovered a ticket fraud scheme that may have cost the Louvre in Paris nearly $12 million over a decade.
Officials say the suspected scam involved tour guides allegedly reusing tickets multiple times, bribes paid to museum employees, and tourist groups being split up to avoid additional fees.
Last week, police reportedly arrested nine people in the case, including two museum employees.
Investigators also believe similar fraud may have taken place at Versailles.
The Takeaway
This wasn’t a one-time trick. Investigators believe the network may have been running for years, allegedly bringing in multiple tour groups per day.
It’s a reminder that scammers don’t always need to “hack” a system.
Sometimes, they just find a weak point, then repeat it until it becomes a business model.
The bottom line: the Louvre story is dramatic, but the lesson is familiar. Scams thrive anywhere oversight is stretched thin, systems are overwhelmed, and people assume someone else is double-checking.
Whether it’s a museum ticket scanner or an AI-generated search result, scammers will always look for the fastest path through the cracks.
McAfee’s Safety Tips for This Week
This week’s scam pattern is all about one theme: trust shortcuts.
AI summaries that feel official. Phone numbers that look real. Support agents who sound convincing. Breach data that makes phishing more believable.
The best defense is slowing down and verifying before you act.
Here are the smartest moves to make right now:
Don’t trust AI Overviews (or search snippets) for customer support phone numbers. Always verify through the company’s official website.
Treat “customer service” calls with caution, especially if they ask for payment info, passwords, or MFA codes.
Never share verification codes, even if someone claims they’re just “confirming your identity.”
Watch for phishing attempts after major breaches. Scammers often use stolen data to make messages feel personal and urgent.
Be suspicious of pressure tactics like “your account will be frozen” or “you must act immediately.”
If you think your personal data may be exposed, monitor your credit and update your passwords now, not later.
Use tools like McAfee Web Protection to avoid dangerous links, bad downloads, malicious websites, and more.
We’ll be back next week with another roundup of the scams making headlines, and what you can do to stay ahead of them.
Stay Updated
Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.
