How Online Scams Are Evolving: AI Phishing, QR Codes and Smishing

Online scams are constantly changing, but the goal usually stays the same, to pressure people into sharing information, clicking links, downloading files, or sending money.

 

While phishing emails are still common, newer scam techniques are becoming more convincing and harder to spot. Criminals are increasingly using AI tools, trusted branding, and familiar technology to make fraudulent messages appear legitimate.

 

Here are some examples of how scams are evolving and practical ways to stay safer online.

 

AI-generated phishing

Phishing messages no longer always contain obvious spelling mistakes or unusual wording.

AI tools can help scammers create more personalised and convincing messages that imitate businesses, services, or everyday conversations. This can make phishing attempts appear more professional and harder to identify.

Examples may include:

  • fake delivery notifications,
  • account security alerts,
  • messages appearing to come from banks,
  • or emails written to sound unusually personalised.

Because these messages may look legitimate, it is increasingly important to pause before responding.

  • Be cautious of urgency and pressure.
  • Verify unexpected requests through official channels.
  • Avoid clicking links directly from messages or emails.

 

Smishing and spoofed numbers

Text message scams, sometimes called smishing, are becoming increasingly convincing through number spoofing.

This means scammers can make messages appear as though they came from trusted organisations rather than an unfamiliar number.

Examples may appear to come from:

  • delivery services,
  • banks,
  • government services,
  • or even appear in existing message conversations.

For example, scam texts impersonating delivery providers and financial institutions often create urgency and encourage quick action through links or payment requests.

Delivery text scam

The appearance of a trusted sender does not guarantee legitimacy.

  • Avoid using links sent by text.
  • Open apps or websites manually.
  • Contact organisations directly using official details.
  • Treat unexpected payment requests with caution.

 

QR code scams (“Quishing”): when convenience becomes the risk

QR codes are now commonly used in restaurants, parking services, events, and public spaces.

Scammers can replace legitimate QR codes with malicious ones that redirect users to fake websites, trigger downloads, collect login details, or request payment information.

For example, someone may scan what appears to be a restaurant’s digital menu and unknowingly be redirected to a fraudulent website.

Because scanning feels quick and familiar, people may be less likely to question where the link leads.

  • Check whether QR codes appear tampered with.
  • Review website addresses before continuing.
  • Avoid entering payment details immediately after scanning.

 

Business Email Compromise (BEC): when trust becomes the attack

Not all cyberattacks involve malware.

Business Email Compromise (BEC) scams rely on impersonation and social engineering to convince people to transfer money or share sensitive information.

Attackers may pretend to be:

  • managers,
  • suppliers,
  • customers,
  • or trusted organisations.

Requests often appear urgent and routine, making them difficult to recognise.

 

Small businesses can be particularly vulnerable where payment approvals or communication processes are informal.

  • Verify requests involving payments or account changes.
  • Introduce approval processes where possible.
  • Confirm unexpected requests using known contact details.

Whether it’s an AI-written email, a spoofed text message, a QR code, or an impersonated request, taking a moment to verify before acting can significantly reduce risk.

 

Technology changes quickly, but good security habits remain one of the strongest protections.