Cybercriminals can utilize new AI-powered threats for Android before Christmas. Learn how to avoid them.
A few weeks before Christmas, it’s not only shopaholics who will go crazy. Cybercriminals too are ready to unleash all their worst tools to scam people who shop online, those expecting deliveries, and even those who want to donate to charity.
This has all become a common problem, and many Android users have learned to live with it. However, this season we can expect an unprecedented number of AI-powered scams that are easier for criminals to produce and harder for shoppers to recognize.
Seeing these new threats, ESET has been continuously upgrading ESET Mobile Security for Android, boosting its antiscam capabilities while utilizing its own AI-powered tools.
Key points of this article:
- Scams are a global problem, and data shows that most adults encounter at least one scam per year.
- With Black Friday leading the way, every shopping season is very attractive period for fraudsters. Now equipped with powerful AI tools, their malicious activities have become even more dangerous.
- New tactics involve believable AI-generated content, calls, and the abuse of legitimate AI-powered chatbots. AI tools have also improved malware development.
- To face these threats, Android users need to learn scammers’ new tricks and install reliable mobile security
Scams are a global problem
We are living in a world where the majority (57%) of adults experience at least one scam per year, with 23% of those losing money. Shopping scams affect 54% of users, unexpected money scams (involving fake prizes, lottery winnings, inheritance, etc.) impact 48% of people, and 42% of victims suffer from identity theft, according to the Global State of Scams 2025 Report.
Most of these scams target smartphone users, as 53% of them take place via phone call, 51% via text/SMS message, and 47% via email.
Description: Becks and Jake Moore, Global Security Advisor at ESET, uncover the sneaky tactics of online Christmas scams.
While online, scams often arrive via social media networks. For example, recently leaked Meta data show that Facebook, Instagram, and WhatsApp’s users face 15 billion advertisements flagged as “higher risk” scam advertisements – those that show clear signs of being fraudulent – every day. Although, as pointed out by Meta, many of those ads may still be legitimate, the number is staggering considering today’s global population is over 8.2 billion people.
Want to learn more about scammers’ tactics? Check out this list of must-know scams!
New AI threats
Meanwhile, scammers and cybercriminals have come up with new ways to abuse emerging AI tools and their capabilities.
AI-generated phishing emails – Attackers use generative AI to craft highly convincing phishing emails that mimic retailers, delivery services, or payment processors.
Deepfakes and AI-generated pictures – They are used in adware to sell fakes and knockoffs, “miraculous” products, or spread phishing via unrealistic discounts and offers.
Description: Jake Moore, Global Security Advisor at ESET, describes scams utilizing deepfakes.
Abusing AI chatbots to spread scams – For example, cybercriminals have tricked X’s AI chatbot into promoting phishing scams through a technique nicknamed “Grokking.”
AI-generated deepfakes to bypass authentication methods of financial institutions – Cybercriminals can now steal facial recognition data and use AI to create deepfakes for authentication.
Deepfake customer support scams – Fraudsters deploy AI-generated voice or video deepfakes to impersonate customer service agents from popular brands.
AI-generated fake reviews and product listings – Generative AI creates thousands of fake product reviews and listings to lure shoppers into buying counterfeit or nonexistent goods.
AI-powered malware – AI can help malware developers work faster with fewer people involved. There also are cases of AI-written malware, such as PromptLock discovered by ESET.
Spotting red flags
When battling scams, the first line of defense is you – the user. Before responding to an offer or an urgent call of any kind, it is necessary to verify the sender and its claim.
According to the Global State of Scams Report, the vast majority of adults (93%) globally take at least one step to verify whether an offer is legitimate, but most of them are still scammed. Part of the problem is that many rely on methods that are often less effective.
Here are the most common steps taken to check the legitimacy of an offer based on their effectiveness, according to the report:
Highly effective
- Search for reviews on a separate website
- Speak with friends or family about their experience(s)
- Check if payment can be made with a credit card, PayPal, or other refundable payment method
Moderately effective
- Follow the rule “If it seems too good to be true, it probably is”
- Check for the presence of a phone number
- Check if the email address is from a free email provider (Tip: Also, carefully check the spelling of the sender’s email address – even one letter being off means that it is likely illegitimate
Less effective
- Check for spelling and grammar errors
- Look for reviews on the same website
- Check whether the company is active on social media
- Verify that the website has a valid SSL certificate
Checking an offer’s legitimacy is not the only way to protect against scams. Other steps to prevent being scammed involve:
Using strong passwords: Create strong passwords and use unique passwords for different accounts – the ESET Free Unique Password Generator can help. Avoid password fatigue with a password manager.
Enabling multi-factor authentication (MFA): Wherever possible, add an extra layer of security to your accounts with MFA.
Updating your software: Regularly update your operating system, browser, and security software to protect against vulnerabilities.
Using a reliable cybersecurity solution: The right security solution can stop scams at multiple stages – by filtering spam, blocking phishing messages and websites, and securing payment processes.
Educate yourself: Stay informed about common scams and how they work – knowledge is your best defense.
ESET AI-powered solution
Luckily, cybercriminals are not the only ones who use AI; defenders can utilize AI capabilities too. ESET has more than 30 years of experience and has been leveraging AI and machine learning for over two decades.
All these experiences are woven into ESET Mobile Security for Android using AI-powered antimalware technologies, which can effectively discover and flag even never-before-seen threats.
On top of that, ESET Mobile Security for Android can help users recognize and stop scams at multiple stages.
How ESET can protect your device:
AI-Powered Antimalware – If scammers try to trick users into downloading and installing malware, ESET Mobile Security can protect them against malicious app installs and other malware. The antivirus can also check all files and device folders available via USB on the Go connections.
Anti-Phishing – Phishing is among the most used tactics in scams, so ESET has created sophisticated protection: ESET Anti-Phishing protects against malicious websites attempting to acquire your sensitive information – usernames, passwords, banking information, or credit card details on most popular Android browsers.
ESET Anti-Phishing includes web browser protection, social application protection, SMS/notification protection, and Link Scanner, which can recognize phishing links coming from apps such as in-game messages.
Payment Protection – This feature adds an extra layer of security to apps like Google Pay or your mobile banking app. When active, Payment Protection prevents malicious apps from reading, modifying, or overlaying content on your protected apps – helping to stop phishing attempts and data leaks.
Adware Detector – Worried about dubious aps popping up out of nowhere? This feature is the answer to the problem with adware apps, seemingly innocent apps like a calculator or flashlight, which displays full-screen ads even if the app is not in use.
Call Filter – Another layer of protection against spam and scam calls. Call Filter allows users to create rules for blocking and filtering incoming calls.
Anti-Theft – More traditional “street” scams involve pickpocketing and stealing. This product feature logs all unauthorized attempts to unlock the phone or screen, and SIM card changes. The user is then notified via email. The Anti-Theft feature also tracks the missing device in question.
Shop fearlessly – ESET has got your back
With evolving technology, it’s only natural that scammers’ tools and tactics improve as well. From AI-generated fraudulent content to sophisticated malware, this shopping season will likely see more dangers than ever before.
This doesn’t mean that you can’t enjoy browsing the internet and searching for Christmas presents for your loved ones. Just be aware of cybercriminals’ tricks and protect your device with reliable cyber protection fine-tuned to fight off these scams.
Frequently Asked Questions:
Why is this shopping season more dangerous for smartphone users?
This year, cybercriminals are leveraging AI to create scams that are easier to produce and harder to detect. Expect AI-generated phishing emails, deepfake ads, fake customer support, and fraudulent product listings targeting Android users.
What types of AI-powered scams should I watch out for?
Common AI-driven scams include:
- AI-generated phishing emails mimicking retailers or delivery services
- Deepfake videos and images used in ads
- Fake product reviews and listings created by generative AI
- AI chatbots promoting phishing links
- Deepfake impersonations of customer support agents
How can I spot scam red flags when shopping online?
Try to do as much as you can to verify the claim (offer) and its source (seller). For example, check grammar, search for reviews on independent websites, and follow the rule “If it seems too good to be true, it probably is.”
What steps can I take to protect myself from scams?
Use strong, unique passwords and enable multi-factor authentication, keep your software and apps updated, install a reliable security solution like ESET Mobile Security for Android, and stay informed about common scam tactics.
How does ESET Mobile Security for Android help against AI-powered scams?
ESET Mobile Security for Android uses AI-powered antimalware and anti-phishing tools to block malicious apps, phishing websites, and scam links. It also offers Payment Protection, Adware Detection, Call Filter, and Anti-Theft features to safeguard your Android device
About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint and mobile security, to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real-time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D centers worldwide, ESET becomes the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003. For more information visit www.eset.com or follow us on Facebook, YouTube and Twitter.