New phishing hacks aren’t sloppy—they’re personalized

Scams keep coming at us—and they’re getting harder to spot. How? Scammers have begun making them more tailored to their marks. That is… us.

Personalized scams, as security experts call them, use details about you in the hope of tricking you more easily. This information comes from illicit sources like data leaks and breaches, successful phishing attacks, compromised websites, and malware, as well as legitimate sources like marketing info, public records, and social media. As you might guess, the data can span a pretty wide range, from location to shopping habits.

But what does a personalized scam look like? And how do you spot one? I brought these questions (and others) to a chat with Steve Grobman, Chief Technology Officer at McAfee—and it turns out that just like the data a scammer might have on you, the types of scams they craft fall under pretty broad umbrellas, too.

The “general” personalized scam

These kinds of scams tend to target broad groups—like a specific geographic area.

Toll scams have become personalized, for example. Before, messages claiming you had unpaid toll charges were generic. Now the texts will refer to your area’s toll authority and the name of the system, based on your phone number’s area code. If you’re not naturally a suspicious person, this updated approach may catch you off-guard. The language sounds more natural, despite being very broad.

What changed? AI. Scammers can use AI to figure out regional information and incorporate it into messages quickly.

Scammers don’t have to know much about you to make this kind of connection. They’ll extrapolate it from your contact info. Think area code for a phone number or a specific service related to your email provider. For example, I’ve recently seen emails related to Google storage limits, claiming your files will be deleted soon because you ran out of space.

The “specific” personalized scam

Here’s where all those data leaks and breaches become a problem.
Even when a data dump only involves details like name and location (like, say, from an address), a resulting scam message can sound much more official. It can address you by name, target your age bracket, and/or zero in on something specific to your region.

The extra information allows for additional customization of the message. Grobman calls these “fill in the blank” scams, where a scary notice can easily swap in your name and a relevant entity to spook you. For my location, he described it as “___(name)____, the California Department of _________.” (A possible example would be: John, the California Department of Motor Vehicles has revoked your registration due to unpaid fees.)

If matched well enough to your region, this approach could get you to click or otherwise fall for the scam, because it sounds realistic enough.

The “hyperpersonalized” scam

Image caption: Scammers can target topical interests for their attacks.

This type of personalized scam is more insidious than outright creepy. (Mostly.) Grobman says these are “lifestyle” focused. Scammers use what they know of your habits—like sites you’ve visited or links you’ve clicked on—to figure out your interests. Then they’ll zero in to exploit that info. For example, if you’ve shown interest in weight loss, you could be targeted with a link to a fake weight loss drug.

Hyperpersonalized scams can also take longer to build to the fraud—think romance scams, where the scammer uses information about you to build trust. Maybe they know where you went to school, and use that to start and build rapport. The more you share, the more they weave that into the relationship being built. Eventually, the requests for favors and money begin. Or shared communication, photos, and other details are then twisted into blackmail material, used to extort money in exchange for secrecy.

Often, these kinds of scams can feel so personal—and so shameful to have fallen for one—that many victims won’t tell anyone they’ve been scammed.
Previously, the young and the elderly were bigger targets for scammers, as they could prey on not just loneliness, but also lack of experience or diminished cognitive capabilities. But now, the threat for this to be widespread across all age brackets hangs lower than before… which is why we have to be on alert.

What to do if you’ve been scammed

First, take a deep breath. You might feel overwhelmed by your feelings—whether that’s shock, embarrassment, or shame—but that’s common and normal. Also common and normal: Making this kind of mistake. Falling for a scam can truly happen to anyone, even seasoned security professionals.

Next, ask for help. The problem may seem huge at first, but getting help keeps the problem from spiraling into a huge mess. You can start with the FTC’s consumer advice page, which lists common scam scenarios and what steps to take afterward.

Generally, you want to address the immediate problem first. Let’s say you used your credit card number on a scam site or wired money to a “special friend”—alert your bank about these fraudulent transactions right away. The faster you act, the faster you limit the damage.

Image caption: Worried about credit card or bank account fraud? Call your bank immediately!

Or you shared your social security number and then realized your mistake. Add a security freeze to your credit reports immediately, and also add a security alert for good measure. (The freeze is the more powerful tool though, as it blocks anyone from checking or opening credit in your name until you temporarily allow access, aka “thaw” your report.)

Take care of your emotional health, too. At a baseline, talking to a friend or family member who can help provide clarity or good feedback can help while you’re in a stew. You can also try your employer or even the police if you just need help in getting oriented.
How to avoid personalized scams

The grim reality is that personalized scams could become more common—the tools to help fraudsters keep improving, thanks to AI advances. (Thanks but no thanks, AI.)

How fast that will happen remains to be seen—Grobman says scammers are business owners. They do what makes money, so a change in approach only comes when current efforts lose profitability. And that will happen the more awareness spreads and detection tools improve. (Remember, security experts have AI available to them, too.) As that race continues to escalate, the shift toward more and more personalization will increase the difficulty of spotting legitimate messages among the fakes.

Image caption: Windows Security is a solid free antivirus option that Microsoft automatically keeps up to date.

Fortunately, the best steps to protect yourself are also the easiest. Have antivirus software active on your PC. Be wary about installing apps on your computer or phone. Keep your software up to date, especially your browser. Use a password manager. Apps and services have begun to build in more safeguards and protections—think of it as a neighborhood watch approach to online security.

The final piece of the puzzle? You. The sites you choose to visit, the software you download, the browser extensions you install, the links you click in email and messages—those all can increase or decrease your risk of getting caught in a scam, too. Surf the internet wisely.