5 cybersecurity scams to watch for in 2025

Fraudulent activity — whether through email, call or text — continues to grow more sophisticated, making scams and threats more challenging than ever for investors to detect. 

Understanding the changing fraud landscape and how scams continue to evolve can help you protect your personal information and financial assets. If you’re concerned about your online security or want help protecting yourself from fraudulent activity, contact us or refer to the privacy, security and fraud center. 

Here are five top emerging cybersecurity scams to know about and safeguard against in 2025. 

In this article:

1. One-time passcode scams 
2. Investment scams 
3. Financial institution impersonation scams  
4. Imposter scams 
5. AI-fueled fraud 
6. Steps to help protect yourself from these scams 
7. Questions to discuss with us

1. One-time passcode scams 

If you’ve ever logged into an online account, you’ve likely received a one-time passcode (OTP) via text message to verify your identity. These passcodes are an important security measure and offer an important layer of protection. However, they are becoming increasingly vulnerable to bad actors, who are managing to intercept this information unbeknownst to their victims.  

While you may need to continue to use OTPs, if you receive an OTP that you did not request, contact the issuing institution directly to confirm the validity of the message. And if someone claiming to represent your financial institution asks for your OTP, never share it. 

2. Investment scams 

Investment scams have been around for a long time, but advancements in technology have made them more sophisticated, convincing and hard to detect. Promises of quick money are often a hallmark of investment scammers, who may contact you through social media, text messaging or online advertising, pressuring you to act quickly while offering vague details about returns.  

Here are a few emerging investment scams to watch for: 

• Cryptocurrency scams: Also known as “pig butchering,” this scheme targets victims by establishing trust before convincing them to invest in cryptocurrency, ultimately stealing their funds. 

• Gold bar scam: This scheme involves criminals manipulating victims into believing their money isn’t safe in banks. They persuade victims to convert funds to gold and hand it over to a courier under false pretenses, disappearing with the assets. 

• Investment club scams: This scheme uses fraudulent social media advertisements to persuade people to join an “investment club” where victims are urged to purchase shares of a specific low-priced security. Once several people purchase the security, the market price pumps up and the bad actor, who holds the security in an account they control, dumps their shares for a profit. The price of the security then drops and the people who purchased the security lose money. 

3. Financial institution impersonation scams 

Messages from financial institutions are often implicitly trusted by consumers — a fact that fraudsters are aware of and capitalize on. Bad actors are increasingly posing as representatives from banks and other financial institutions to trick their victims into handing over financial assets. Keep in mind that while financial institutions may send verification emails for forgotten passwords, they will never request sensitive details that would grant someone access to your account. When in doubt, contact your financial institution directly using official channels. 

Here are a few emerging financial institution impersonation scams to watch for: 

• Anti-fraud team impersonation: Scammers may impersonate a financial institution’s anti-fraud team to gain access to financial assets. 

• Financial transaction fraud: A scammer sends a text message or email that’s designed to look like an official communication from the victim’s financial institution and asks the victim to verify a non-existing large transaction. If the request is verified, the victim may be connected to a fake representative, who recommends the victim move their funds to a “secure” account that they control.

4. Imposter scams 

In addition to impersonating financial institutions, scammers may pose as government personnel, employers, financial advisors and other reputable entities and individuals, to defraud their victims. Be diligent with any unexpected communications from these sources.  

Here are a few more common imposter scams to watch for in 2025: 

• Social Security Administration scams: Scammers impersonating Social Security Administration employees contact victims by call, email or text. They may claim the victim’s identity was stolen or attempt to trick them into giving up their Social Security number through other means. 

• Internal Revenue Service (IRS) scams: Fraudsters posing as IRS officials may threaten victims with legal action over unpaid tax bills. They may also bait victims with false claims of a tax refund or a tax rebate in an effort to trick them into providing personal information. 

• United States Postal Service (USPS) scams: The victim of this scam may receive an unsolicited text message about a fictitious USPS delivery. Ultimately, the sender of the text wants the victim to click on a malicious link (under the guise of package tracking) to gain access to personal information. 

5. AI-fueled fraud 

The rapid and recent advancement of artificial intelligence (AI) is helping scammers make fraud appear more legitimate than ever before. As AI continues to grow more sophisticated, scammers are finding new ways to exploit this technology to commit fraud, including: 

• AI-enabled voice cloning: Scammers use AI to mimic the voice of someone the victim knows, like a family member, to request funds for a fake emergency.  

• AI-driven romance scams: Advanced chatbots impersonate individuals seeking a relationship, building emotional connections and then asking for money. 

• Deepfake impersonations: Fraudsters create realistic AI-generated videos or audio of a person the victim knows and trusts to trick them into transferring funds.  

6. Steps to help protect yourself from these scams 

While each of these scams are different, many fraudsters use similar tactics to entrap their targets. As such, there are universal steps you can take to help protect yourself: 

Be wary of unsolicited messages.

Be mindful of any unsolicited financial advice or requests to move your money or investments:

• Treat phone calls or text messages from unknown numbers with skepticism, even if they appear to be from your financial institution.
• Avoid clicking on links or responding to messages asking for personal information, as these could lead to malicious attacks.  

Resist urgent tactics or threats. 

A consistent red flag of most fraud attempts is that the victim will feel pressured to act immediately or suffer negative repercussions if they do not. Scammers may try to scare or entice you with messages such as:

• “Secure your accounts with this guaranteed system right now."
• “This opportunity is available for the next 20 minutes only.”
• “Respond immediately, or your account will be suspended.” 

Closely monitor your financial accounts. 

Regularly review your accounts for unusual activity. If you’re an Ameriprise Financial client, take the following proactive steps to enhance security:

• Register for the secure site on ameriprise.com.
• Turn on 2-Step Verification.
• Enroll in push notification authentication.
• Activate text alerts.
• Ensure your contact information is up to date.
• Use complex, unique passwords.
• Monitor your login history.
• Communicate securely with your financial advisor via the Ameriprise Message Center. 

Your online financial security is important to us 

At Ameriprise Financial, we’re committed to protecting your online security. Contact us if you have questions about how we help protect your investments and information from bad actors.