2026's Most Dangerous Email Scams — Real Examples and How to Avoid Them

The FBI’s Internet Crime Complaint Center (IC3) received 880,418 complaints in 2023, with total reported losses exceeding $12.5 billion — a 22% increase from the prior year. Email remains the most common delivery vehicle for fraud, and the scams have gotten considerably more sophisticated than a misspelled message from a foreign prince.

Here are the six email and message scams causing the most financial damage right now, with real examples of what they look like and exactly how to avoid them.

1. Business Email Compromise — $2.9 Billion Lost

Business Email Compromise (BEC) is the most financially damaging fraud category in the FBI’s annual report. It’s also the one most people have never heard of, because it targets businesses and employees rather than individuals scrolling their personal inboxes.

How it works: Attackers research a company — its executives, its vendors, its accounting processes — and then either hack a legitimate executive email account or create a convincing lookalike domain (think ceo@company-inc.com instead of ceo@companyinc.com). They then send an email to someone in accounts payable, requesting an urgent wire transfer.

What it looks like:

From: Michael Chen, CEO <mchen@company-inc.com> To: Sarah Walsh, Accounts Payable

Sarah — I’m in meetings all day and need you to process an urgent vendor payment before close of business. Wire $47,000 to: [bank details]. This is time-sensitive and confidential. Don’t call — I’ll explain tomorrow.

Red flags:

• Request comes via email, not through established payment systems
• Urgency + request not to call or verify
• The “from” domain is slightly different from the real company domain
• Payment is going to a new or unfamiliar account

What to do: Verify any wire transfer request with a phone call to a number you already have on file — not a number in the email. Most companies with good BEC protection have a policy: no new payee without a phone verification.

2. Investment and Crypto Scams — $4.5 Billion Lost

Investment fraud claimed $4.57 billion in 2023 according to IC3 data, making it the single largest loss category. Crypto investment scams (often called “pig butchering”) are driving most of that number.

How it works: Initial contact usually comes via a “wrong number” text or a social media connection. The scammer builds a relationship over weeks, eventually brings up investing, introduces a fraudulent trading platform, and encourages increasingly large deposits. The platform shows spectacular fake returns — until withdrawal is requested, at which point “taxes” or “fees” are demanded, and eventually all contact ceases.

What it looks like:

Subject: Your referral bonus — investment account update

Hi James, as discussed with your advisor, your current portfolio value is $84,230 (up 31% this month). Your withdrawal request of $12,000 is pending — please transfer the 15% clearance fee of $1,800 to process. Once received, funds will arrive within 3-5 business days.

Red flags:

• Guaranteed or extraordinarily high returns
• Platform you’ve never heard of
• Withdrawal requires an additional fee payment
• Investment introduced through a romantic or new online contact

What to do: Only use regulated, established exchanges and brokers. Verify any platform through FINRA BrokerCheck or your country’s financial regulator. If you can’t withdraw without paying fees, you’ve already lost the money.

3. Romance Scams — $1.3 Billion Lost

Romance scams are the most emotionally damaging category. The FBI reported $1.3 billion in losses in 2023, and that figure almost certainly understates the problem — most victims never report due to embarrassment.

How it works: A fake profile — usually of an attractive person with a professional-sounding life — makes contact on a dating site, social media, or even by “wrong number” text. Over weeks or months, a genuine emotional connection is built. Then the crisis arrives: a medical emergency, a business deal, a passport problem. The target sends money. The crisis is resolved. Another crisis appears.

What it looks like:

From: David (david.morgan.1974@gmail.com)

My darling, I am so sorry to ask this again. The platform holding my contract payment has frozen my account and I cannot access funds until I pay the release fee. I have never felt so ashamed. I would not ask if there was any other way. Could you send $3,000 via Zelle? The moment I am back in the US I will repay everything plus take you somewhere wonderful.

Red flags:

• Never available to video chat (or “camera is broken”)
• Profession involves being abroad: military, oil rig, doctor working overseas, engineer on contract
• Relationship moves very fast emotionally
• Always an emergency, always needs money
• Requests gift cards, wire transfers, or crypto

What to do: Before sending any money to someone you’ve only met online, do a reverse image search of their profile photos. Independently verify their identity. Read our complete guide to romance scams for the full breakdown of how these schemes progress.

4. Government Impersonation — IRS, SSA, and Medicare

Government impersonation scams are the volume leader — millions of Americans receive these attempts every year. The losses are lower per-victim than BEC or investment fraud, but the total is still measured in hundreds of millions annually.

How it works: You receive a call, email, or text claiming to be from the IRS (your taxes are overdue and a warrant has been issued), the Social Security Administration (your SSN has been “suspended” due to suspicious activity), or Medicare (your card needs to be reissued). The message demands immediate action — typically payment via gift card, wire transfer, or crypto.

What it looks like:

Subject: FINAL NOTICE — IRS Case #8847302 — Immediate Action Required

This is an official notice from the Internal Revenue Service. An investigation has found discrepancies in your 2023 tax filing. Failure to respond within 24 hours will result in arrest and prosecution. Call our compliance officer immediately at 1-888-XXX-XXXX to resolve this matter before a warrant is issued.

Red flags:

• Government agencies do not call, text, or email demanding immediate payment
• Threats of immediate arrest
• Payment requested via gift card, cryptocurrency, or wire transfer
• Pressure not to hang up or tell family members

What to do: Hang up. The IRS communicates by mail. Call the agency’s official number (found at irs.gov, ssa.gov) if you have any genuine concerns about your account.

5. Package Delivery Smishing — USPS, FedEx, and UPS Impersonation

Smishing (SMS phishing) through fake package delivery notifications surged dramatically in recent years and shows no sign of slowing. With the rise of online shopping, most people are always expecting at least one delivery.

How it works: You receive a text claiming your package is held due to an incomplete address or unpaid customs fee. You’re asked to click a link and provide your address and a small payment ($1-3). What you’re actually providing is your payment card details to a phishing site.

What it looks like:

USPS ALERT: Your package (ID: 9400XXXXXXXX) requires address confirmation before delivery. Redeliver fee: $1.99. Confirm within 24hrs: [malicious link]

Red flags:

• You weren’t expecting a delivery from that carrier
• Link doesn’t go to the official carrier website (usps.com, fedex.com, ups.com)
• Payment required for delivery (real carriers include delivery fees in shipping costs)

What to do: Never click links in package notification texts. Go directly to the carrier’s official website and enter your tracking number there. A VPN with malicious site blocking, like NordVPN, can also intercept connections to known phishing domains before your browser loads them.

6. Tech Support Scams — Microsoft, Apple, and Google Impersonation

Tech support scams generated over $924 million in reported losses in 2023. They’re effective because they combine authority bias with fear — and increasingly, they’re reaching people through legitimate-looking browser pop-ups rather than unsolicited calls.

How it works: A pop-up appears while browsing, claiming your computer is infected or your Microsoft account has been compromised. A phone number is prominently displayed. When called, the “technician” asks for remote access to fix the problem, then either installs real malware, steals credentials visible on the screen, or demands payment for the “repair.”

What it looks like:

⚠ MICROSOFT SECURITY ALERT ⚠ Your computer has been blocked due to suspicious activity. Your Windows license has been compromised. Call Microsoft Support immediately: 1-800-XXX-XXXX. Do NOT shut down your computer.

Red flags:

• Legitimate companies do not display your personal phone number in browser pop-ups
• Real security alerts do not include phone numbers to call
• Request for remote access is almost always a scam
• Any request for payment via gift card is always a scam

What to do: Close the tab (or force-quit the browser if the pop-up prevents it). Do not call the number. If you’re worried about your computer’s security, run a scan using legitimate software you downloaded directly from its official source.

Your Baseline Protection

Across all these scams, a few principles apply universally:

Verify independently. Any contact asking for money, credentials, or personal information should be verified through a number or website you look up yourself — not one provided in the message.

Slow down. Urgency is manufactured. Real deadlines from real institutions allow time to verify.

Block at the network level. A VPN service like NordVPN includes threat protection that blocks known malicious domains before your browser even loads them — catching phishing sites, malware download pages, and fraudulent domains that impersonate legitimate companies. It’s not a replacement for vigilance, but it catches mistakes before they become losses.

Report what you see. The FBI’s IC3 at ic3.gov and the FTC at reportfraud.ftc.gov both accept reports. Your report contributes to investigations that may eventually disrupt the operations targeting you and everyone else.

Read our complete guide to how to spot phishing emails for the technical details on identifying fraudulent messages before you click anything.