Google's integrated artificial intelligence (AI) defenses within the Android ecosystem are now blocking over 10 billion suspected malicious calls and messages each month globally. This extensive effort aims to protect users from a broad spectrum of mobile-based fraud and unsolicited communications, highlighting the increasing role of AI in cybersecurity. The company has also proactively prevented more than 100 million suspicious numbers from utilizing Rich Communication Services (RCS), thereby stopping potential scams before they can be initiated.
These significant figures underscore the scale of ongoing cyber threats and the continuous evolution of protective measures. Google's multi-layered approach leverages on-device AI to automatically filter known spam, directing suspicious texts into a dedicated "spam & blocked" folder within the Google Messages app for Android. Recent global rollouts include safer links in Google Messages, which alert users before they access URLs flagged as spam, preventing visits to potentially harmful websites unless explicitly marked as legitimate.
An analysis of user-submitted reports from August 2025 indicated employment fraud as the most prevalent scam category. This tactic involves luring individuals with fictitious job opportunities to steal personal and financial data. Following closely are financially-motivated scams, which encompass fraudulent claims related to unpaid bills, subscriptions, fees, and deceptive investment schemes. Other observed scam categories include package delivery notifications, government agency impersonation, romance scams, and technical support fraud, as detailed by The Hacker News. For more on mobile threats, read about NFC Relay Malware Exploiting Android Tap-to-Pay.
An emerging trend shows scam messages increasingly delivered via group chats rather than direct messages. This shift may occur because "group messages can feel less suspicious to recipients," particularly when a scammer includes an accomplice to validate the initial message and create the impression of a legitimate conversation. Malicious messaging activity frequently follows a "distinct daily and weekly schedule," typically commencing around 5 a.m. PT in the U.S. and peaking between 8 a.m. and 10 a.m. PT. Mondays generally see the highest volume of fraudulent messages, coinciding with the start of the workday when recipients are often busy and less vigilant.
Scammers commonly employ a "Spray and Pray" approach, casting a wide net with urgent lures tied to topical events, package delivery notifications, or toll charges. The objective is to rush prospective targets into clicking malicious, often shortened, links that mask dangerous websites to steal information. Alternatively, the "Bait and Wait" method involves more calculated, personalized targeting, where threat actors build rapport with a target over time before executing the fraud. Romance baiting, also known as pig butchering, falls into this category, as reported by The Hacker News.
The infrastructure supporting these scam operations is sophisticated, often relying on data procured from dark web marketplaces that sell information stolen from security breaches. Suppliers provide hardware for operating phone and SIM farms, which are used to send smishing messages at scale. Phishing-as-a-Service (PhaaS) kits offer turnkey solutions for harvesting credentials and managing campaigns, while third-party bulk messaging services distribute the malicious links that lead to PhaaS-hosted websites. This landscape is highly volatile, with fraudsters continuously shifting operations to areas with fewer obstacles, creating a "perpetual cycle of shifting hotspots."
Beyond message filtering, Google's expanded protective features include the "Key Verifier" tool in Google Messages, which adds an extra layer of trust to end-to-end encrypted conversations by allowing users to verify trusted contacts via QR code. Account recovery enhancements, such as "Recovery Contacts" and the option to regain access using a mobile number and previous device's lock-screen passcode, further bolster user security. Independent evaluations by Counterpoint Research and Leviathan Security Group have highlighted Android's comprehensive AI-powered safeguards across various protection areas compared to iOS. These proactive defenses, integrated into Google Messages and Phone by Google, continuously evolve to counter the sophisticated and dynamic landscape of mobile scams.