Redazione RHC : 1 November 2025 18:15
Google has shared new data on Android’s built-in protections against text and call fraud. According to the company, the system blocks over 10 billion suspicious contacts each month , in an effort to prevent data theft and user fraud before malicious activity reaches its target.
One of the key security features was a filter for Rich Communication Services , the protocol that replaced traditional SMS. Over 100 million phone numbers were blocked before they could send a single message . Additionally, the Google Messages app uses a spam filtering mechanism that leverages a local neural network : suspicious messages are immediately sent to the ” spam and blocked ” folder, without disturbing the phone’s owner.
Furthermore, since October, an additional security feature has been available worldwide: the system warns you of the presence of malicious links in messages, preventing you from clicking on them until you confirm that they are not spam.
The company specifically noted that the most common scams remain fake job offers . These messages use a trustworthy tone and promise a job offer to trick users into providing personal information or banking details. The second most common group is financial scams , from fake notifications about outstanding debts and subscriptions to fake investment schemes. Occasionally, messages about packages, attempts to impersonate government agencies, tech support scams, and online dating schemes are also encountered.
Google has noticed an interesting trend in the distribution of messages via group chats. These messages involve multiple recipients simultaneously, often including a “fictitious” participant who is also affiliated with criminals. Their purpose is to create the illusion of a live conversation and strengthen the credibility of the message . This reduces suspicion and increases the likelihood that the victim will take the information seriously.
An analysis of the activity shows that scammers follow a strict time structure . Emails begin around 5:00 a.m. (Pacific Time) and peak between 8:00 a.m. and 10:00 a.m. The peak time is Monday, the start of the work week, when users are particularly vulnerable due to rushing and poor concentration.
The schemes themselves range from mass to personalized. The first category consists of chaotic attempts to reach as many recipients as possible, using subject lines such as delivery notices, fines, or urgent notifications. These emails often contain shortened links that disguise malicious websites . The second category consists of slow, calculated attempts to gain trust: the scammer may impersonate a longtime acquaintance or a recruiter , use public information about the victim, and gradually set them up for financial loss . A scheme called “Pig Butchering” falls into this category.
According to the Google team, the goal of all these scenarios is to obtain money or information , and the source of the contact information is often leaked databases purchased on the darknet. There’s an entire infrastructure supporting these operations: SIM farm equipment providers, phishing-as-a-service (PhaaS) kits, and mass mailing services. They connect the entire chain, from the scammers to the final victim.
Furthermore, attack dynamics are constantly evolving: if one country tightens its controls, attackers simply relocate to another jurisdiction without physically moving. This allows them to maintain constant activity, relocating their operations centers as needed.
Redazione