This week in scams, the biggest threats showed up as routine security messages, viral consumer “warnings,” and AI-generated content that blended seamlessly into platforms people already trust.
Every week, we bring you a roundup of the scams making headlines, not just to track what’s happening, but to explain how these schemes work, why they’re spreading now, and what you can do to stay ahead of them.
Here are scams in the news this week, and safety tips from our experts at McAfee:
Amazon One-Time Passcode Scam: How Fake Security Calls Hijack Real Accounts
Scammers are increasingly impersonating Amazon customer support to take over accounts using real one-time passcodes (OTPs), not fake links or malware.
Here’s how the scam works in practice.
What is the Amazon one-time passcode scam?
Victims receive an unsolicited phone call from someone claiming to work for Amazon. The caller says suspicious activity has been detected on the account and may reference expensive purchases, often items like smartphones, to make the threat feel credible.
The call usually comes from a spoofed number and the scammer may already know your name or phone number, which helps lower suspicion.
How scammers use real Amazon security codes
While speaking to you, the scammer attempts to access your Amazon account themselves by entering your phone number or email address on the login page and selecting “forgot password” or triggering a login from a new device.
That action causes Amazon’s real security system to send a legitimate one-time passcode to your phone or email.
If you read that code aloud or share it, the scammer can immediately:
- Complete the login process
- Change your account password
- Access saved payment methods
- Place fraudulent orders or lock you out of the account
The scam works precisely because the code is real—and because it arrives while the caller is convincing you it’s part of a routine security check.
Key red flags to watch for
- Unsolicited calls claiming to be from Amazon
- Requests to share a one-time passcode
- Pressure to act quickly “to secure your account”
Important to remember: Amazon will never contact you first to ask for your password, verification codes, or security details. If you receive a one-time passcode you didn’t request, do not share it with anyone.
AI Deepfake Scam on TikTok Uses Fake Princess to Steal Money
A growing scam on TikTok shows how AI-generated deepfake videos are now being used not just for misinformation, but for direct financial fraud.
This week, Spanish media and officials warned that scammers are circulating fake TikTok videos appearing to show Princess Leonor, the 20-year-old heir to Spain’s throne, offering financial assistance to users.
According to The Guardian, the videos show an AI-generated version of Leonor promising payouts running into the thousands of dollars in exchange for a small upfront “fee.”
Once victims send that initial payment, the scam doesn’t end. Fraudsters repeatedly demand additional fees before eventually disappearing.
This case highlights how deepfakes are moving beyond novelty and into repeatable, high-reach fraud, where trust in familiar public figures is weaponized at scale.
Viral Reddit “Whistleblower” Scam: When AI-Generated Posts Fool Millions
A viral post on Reddit this week shows how AI-generated text can convincingly impersonate whistleblowers, and even mislead experienced journalists.
The post claimed to come from an employee at a major food delivery company, alleging the firm was exploiting drivers and users through opaque AI systems. Written as a long, confessional screed, the author said he was drunk, using library Wi-Fi, and risking retaliation to expose the truth.
The claims were believable in part because similar companies have faced real lawsuits in the past. The post rocketed to Reddit’s front page, collecting over 87,000 upvotes, and spread even further after being reposted on X, where it amassed tens of millions of impressions.
As Platformer journalist Casey Newton later reported, the supposed whistleblower provided what appeared to be convincing evidence, including a photo of an employee badge and an 18-page internal document describing an AI-driven “desperation score” used to manage drivers. But during verification attempts, red flags emerged. The materials were ultimately traced back to an AI-generated hoax.
Detection tools later confirmed that some of the images contained AI watermarks, but only after the post had already gone viral.
Why AI-generated hoaxes like this are dangerous
- They mimic real whistleblower behavior and language
- They exploit existing public distrust of large platforms
- They can mislead journalists, not just casual readers
- Debunking often comes too late to stop spread
This incident underscores a growing problem: AI-generated misinformation doesn’t need to steal money directly to cause harm. Sometimes, the damage is to trust itself — and by the time the truth surfaces, the narrative has already taken hold.
McAfee’s Safety Tips for This Week
As scams increasingly rely on a combination of realism and urgency, protecting yourself starts with slowing down and verifying before you act.
If a message or video promises money or financial help:
- Be skeptical of any offer that requires an upfront “fee,” no matter how small.
- Remember that public figures, charities, and foundations do not distribute money through social media DMs or comment sections.
- If an offer claims to come from a well-known individual or organization, verify it through official websites or trusted news sources.
When content appears viral or emotionally convincing:
- Pause before sharing or acting on posts framed as warnings, whistleblower revelations, or exposés.
- Look for confirmation from multiple reputable outlets — not just screenshots or reposts.
- Be cautious of long, detailed posts that feel personal or confessional but can’t be independently verified.
When AI may be involved:
- Assume that realistic images, videos, and documents can be generated quickly and at scale.
- Don’t rely on appearance alone to determine authenticity, even high-quality content can be fake.
- Treat unsolicited financial requests, account actions, or “inside information” as red flags, regardless of how credible they seem.
If you think you’ve engaged with a scam:
- Stop responding immediately.
- Secure your accounts by changing passwords and enabling multi-factor authentication.
- Monitor financial statements and account activity for unusual behavior.
Final Takeaway
The scams making headlines this week share a common theme: they don’t look like scams at first glance. Whether it’s an AI-generated video of a public figure or a viral post posing as a consumer warning, today’s fraud relies on familiarity, credibility, and trust.
That’s why McAfee’s Scam Detector and Web Protection help detect scam messages, dangerous sites, and AI-generated deepfake videos, alerting you before you interact or click.
We’ll be back next week with another roundup of the scams worth watching, the stories behind them, and the steps you can take to stay one step ahead.
Introducing McAfee+
Identity theft protection and privacy for your digital life