Established by a former federal investigator · 20+ years DOJ experience · $12.5B lost to fraud in 2024 — FTC
The Fraud CodexScam Intelligence
Live Threats
NewPig butchering via LinkedIn — $2.1M lost, Bay AreaAlertIRS impersonation surge — tax seasonNewFake Coinbase support calls reported nationwide
▸ Scam Encyclopedia · 7 types

Cyber & Technical Scams

The technical end of fraud — stolen numbers, hijacked SIM cards, malicious codes, fake breach alerts. Less about tricking you in the moment, more about quietly taking what lets them in.

CRITICAL

Synthetic Identity Fraud

This one is patient and quiet. A criminal pairs your real Social Security number with a fabricated name and birthdate to build a brand-new "person," then uses it to open credit. Standard credit monitoring will not catch it, because the name is not yours. The damage can sit for years — US lenders carried $3.3 billion in exposure in 2025 alone — and a child's unused SSN is the prize.

HIGH

QR Code Scam (Quishing)

A malicious QR code — slapped over a parking meter, tucked into a menu, mailed in a fake package — sends your phone to a phishing page or a malware download. You cannot read a QR code with your eyes, which is the whole point. Check where it actually lands before you enter anything.

CRITICAL

SIM Swap Attack

An attacker convinces your carrier to move your number to their SIM, and suddenly your texts — including two-factor codes — are theirs. From there they drain bank and crypto accounts in minutes. Lock your account with the carrier and move off SMS-based two-factor where you can; app-based codes do not travel with a stolen number.

MEDIUM

Password Extortion Scam

An email leads with one of your real old passwords and threatens to release webcam footage unless you pay in Bitcoin. The password came from an old breach, and the footage almost never exists. It is a bluff wrapped around one real detail — change any password still in use and do not engage.

MEDIUM

Fake Data Breach Notification

A phishing email impersonates a breach alert — "your data was exposed, reset your password here" — and the link goes to a fake login or "identity protection" page built to capture credentials. The irony is the point: it weaponizes your fear of being hacked. Go to the real site directly, never through the email's link.

MEDIUM

Typosquatting Scam

A fake site lives one keystroke from a real one — "paypa1.com," "arnaz0n.com" — close enough that a glance or a fat-fingered URL lands you there. It exists to capture logins and payments. Slow down on the address bar, and treat a link's text as a claim, not a destination.

LOW

Brushing Scam

A package arrives that you never ordered. It seems harmless, even fun — but it means a seller has your name and address and is using them to post fake "verified" reviews. The free junk is not the problem; the fact that your information is out there, being used, is.

← All scam types

Not sure if something is one of these?

Paste the link, number, email, or message into the free scanner and get a read in seconds.

Scan It — It's Free