2025 MOBILE SCAM REPORT
Tap. Swipe. Scam.
How everyday mobile habits carry real risk.
Introducing the 2025 Mobile Scam Report
Mobile phones are the new frontline of digital deception, providing scammers and hackers with the most direct portal in cybercrime history to trick the public, steal their funds, ruin their reputations, and leave them feeling helpless.
It wasn’t always this way, but as smartphones have revolutionized how we work, connect, and shop with the world at large, thieves have pounced.
“Tap, Swipe, Scam: How everyday mobile habits carry real risk” reveals the scale and evolution of mobile threats—and the emotional, financial, and functional damage they leave behind. Based on a survey of 1,300 mobile users across the US, UK, and DACH region (Germany, Austria, and Switzerland), the report reveals a mobile reality full of tension: high concern, low action, and increasingly blurred lines between what’s safe and what’s not.
Amid this confusion, the public are beset by scams. Nearly half of users encounter mobile scams daily, with younger generations hit hardest
Phishing texts arrive from endless new phone numbers, deepfake extortion threats upend lives, and scams everywhere now mimic routine interactions—hiding behind QR codes, imposter websites, and even high-ranking Google ads.
The crisis is compounded by convenience, as habitual data sharing, informal commerce, and neglected app hygiene leave users wide open to attack.
Despite the risks, few take protective actions. Basic security tools go unused and most people don’t report scams. Instead, many see these threats as the cost of mobile life, choosing resignation over protection and prevention.
In the end, “Tap, Swipe, Scam” reveals that mobile threats aren’t just technical—they’re deeply personal. Our phones hold our identities, relationships, and lives. It’s time we take their protection seriously.
“I felt like I was in a horror movie. I never thought it would happen to me like this.“
—US survey respondent who experienced an impersonation scam via smartphone
What you should know
From feeling overwhelmed by constant mobile threats to the emotional toll of falling victim to a scam, here are five key themes from “Tap, Swipe, Scam.”
Mobile threats at every turn
Scams are now part of everyday life:
Nearly half of users encounter mobile scams daily,
with exposure highest in the US (51%) and UK (49%), and notably lower in DACH (38%).
Scams are hard to spot:
2 in 3 say it’s hard to “tell apart a scam from the real thing” and only 15% strongly agree they could detect a scam.
When risk becomes reality
Scams are personal and prevalent:
36% of users have fallen victim to a scam, and three in four have encountered social engineering attempts like phishing and impersonation scams.
Gen Z is hit hardest: 28% have experienced extortion scams, including deepfakes and sextortion—far higher than Gen X (15%) and Boomers (7%).
Death by a thousand taps
Everyday habits increase exposure:
Nine in ten mobile users share personal data with apps, grant permissions, and trade data for deals—leaving them open to attack.
Resignation is growing:
While 77% worry about mobile risks, one in four users say they’ve stopped caring—accepting scams as an inevitable cost of being online.
The human toll of scams
Emotional fallout is widespread:
75% of victims report serious emotional consequences, and 46% struggle with mental health effects like anxiety, depression, and lost trust.
Scams disrupt daily life:
Over half of victims suffer financial loss or fraud, and more than a quarter lose access to critical digital assets like accounts, devices, or irreplaceable files.
The protection gap
Few take action: Fewer than one in five use mobile security tools or report scams, despite widespread awareness. Only 17% of victims
report to authorities, and the number is even lower for younger generations.
Regional differences reveal what works: DACH users report less fear but engage in more protective behaviors, highlighting the impact of regulation, education, and stronger digital norms.
NEW!
Stop scammers in their tracks.
Introducing Scam Guard, your built-in AI-powered chat companion exclusively available within Malwarebytes Mobile Security. Simply upload a suspicious text, link, or screenshot for on the spot advice to help avoid scams.**
**Mobile-exclusive feature
Mobile threats at every turn
Mobile scams are relentless, encountered daily by nearly half of all users regardless of region. With threats flooding every channel, it’s harder than ever to tell what’s real. Half have already fallen victim to a mobile scam or malware, and the potential financial and emotional fallout of being scammed is a major worry for all.
Encountering scams is a daily reality for many
Nearly half of all respondents encounter scams daily, with notably higher rates in the US (51%) and UK (49%) compared to DACH (38%), where stricter regulations and their enforcement help shield people from threats.
Mobile scam encounters surge among younger users: 56% of Gen Z and 51% of Millennials say they come across scams daily, compared to just 36% of Gen X and 32% of Boomers and older.
How often are they
encountering scams?
|
|
65% | |
|
Phone/ |
53% | |
|
SMS |
50% | |
|
Social media |
47% | |
|
Messaging apps |
40% | |
|
Buying/ |
36% |
No channel is safe
Scams and malware reach victims through several attack vectors, with mobile users encountering weekly threats across all channels at high levels.
While overall exposure is similar across regions, US users face phone and SMS scams even more frequently: 32% receive phone or SMS scams daily compared to 21% in the UK and 17% in DACH, and 64% receive them weekly, perhaps reflecting weaker regulations in the US and the perception of more lucrative targets.
1 in 3 mobile users struggle to spot a scam
Fear over mobile threats is pervasive
77% are worried about
mobile scams and
threats
Mobile threats fuel deep concern, underscoring a digital landscape that’s increasingly hard to navigate. Financial risks dominate, but fear of emotional impact is real: over half worry about privacy breaches and the psychological impact of being scammed.
Anxiety is widespread, but significantly higher in the US and UK (81% each) than in DACH (72%). Americans fear financial loss, identity theft, and access or time loss significantly more than Europeans—likely due to weaker consumer protections.
The outlook isn’t promising. The rapid evolution of AI is undermining people’s sense of security as scams become more intricate.
How many say they are concerned about these potential consequences of mobile scams/malware:
|
73% | |
|
70% | |
|
68% | |
|
60% |
|
58% | |
|
57% | |
|
55% | |
|
49% |
66%
worry about the future of AI and how realistic scams are going to
become.
64%
worry about the rise of mobile scams/ fraud and how it could affect them and their family
Half have already been hit by a scam or malware
Mobile threats aren’t abstract. One in two mobile users say they’ve been hit by a scam or malware. Rates are highest in DACH (56%) compared to the US (47%) and UK (42%), reflecting a stronger culture of reporting: 21% of DACH victims reported their experience to authorities, versus just 13% in the US and 15% in the UK. This suggests that higher scam/malware rates in DACH reflect that their mobile users are more willing to admit when they’ve been a victim. It’s likely scam/malware rates are similarly high in the US and UK.
Gen Z (49%) and Millennials (43%) are significantly more likely to have fallen victim to a mobile scam or malware than Gen X (35%) or Boomers and older (22%), likely tied to their deeper digital engagement and constant connectivity.
When risk becomes reality
Mobile users encounter scams at alarming rates. More than a third have fallen victim to a social engineering scam, and nearly one in five have experienced an extortion scam. Gen Z is especially vulnerable: nearly one in three have fallen victim to a high-impact threat like deepfake scams or virtual kidnapping. Overall, threat exposure of every kind rises sharply among younger mobile users, a worrisome trend for generations to come.
Social engineering and financial fraud are widespread
Nearly three quarters of mobile users have encountered social engineering scams, and one in three have fallen victim, illustrating how effective scammers are at exploiting human trust. The most common traps are phishing, smishing, and vishing—scams delivered via email, text, or phone calls that trick users into revealing personal information.
How many have encountered that scam and how many have fallen victim to it?
|
ENCOUNTERED THE SCAM |
VICTIMS OF THE SCAM | |
|
Phishing/ smishing/ vishing |
53% |
19% |
|
USPS/FedEx/Postal scams |
42% |
12% |
|
Impersonation scams |
35% |
10% |
|
Marketplace or business scams |
33% |
10% |
|
Romance scams |
33% |
10% |
|
Job or “task” scams |
27% |
7% |
|
Bitcoin/cryptocurrency scams |
26% |
8% |
|
Political or charity scams |
26% |
7% |
Malware sneaks its way in—especially through ads
Malware—like trojans, infostealers, and adware—continues to affect mobile users at high rates. Ad-related malware is particularly pervasive, with nearly one third having fallen victim. One in five have experienced some form of device intrusion, including stalkerware (5%) and spyware (7%).
Mobile users in DACH (55%) are significantly less likely to encounter or experience ad-related malware compared to the US (62%) or UK (60%), likely due to stronger GDPR enforcement and proven lower digital ad engagement.
Extortion scams pose a serious threat
Nearly one in five have fallen victim to fake hostage calls, sextortion, deepfakes, or ransomware. The rapid rise and growing sophistication of AI is making extortion scams more of a risk than ever before.
Gen Z and Millennials are far more likely to encounter extortion scams than older generations. 58% of Gen Z and 52% of Millennials say they’ve come across one, compared to just 35% of Gen X and 23% of Boomers and older.
Gen Z isn’t just seeing more extortion scams—they’re falling victim at higher rates: 28% say they’ve personally experienced one, including virtual kidnapping (13%), deepfakes (13%), general extortion (13%), and sextortion (11%).
How many have encountered that scam and how many have fallen victim to it?
|
ENCOUNTERED |
VICTIM OF | |
|
Ransomware |
26% |
8% |
|
Sextortion |
24% |
7% |
|
Extortion |
23% |
7% |
|
Deepfake scams |
20% |
6% |
|
Virtual kidnapping |
318% |
5% |
“The woman asked for a small amount of money which I was reluctant to give, but she harassed me, so I decided to. Then she wanted to send me money to send to her friend. I accepted the money, but then alarms went off and I never sent it to her friend. I later learned about money mules. She then threatened to kill me because I had taken $1k when she only got $300. I then blocked her and called the police because I was scared.“
—Gen Z survey respondent
Death by a thousand taps
Mobile scams often mirror everyday interactions people have with trusted friends, websites, and businesses. From casual commerce to routine data sharing, mobile users—especially younger generations and those in the US—engage in a range of behaviors that leave them exposed. Many know the risks, but growing resignation has replaced caution with acceptance for many.
Seemingly harmless habits carry hidden risk
Routine phone habits like clicking tracking links (83%), comparing prices (85%), and sharing personal data (88%) open the door to fraud. Mobile first link-clicking is now the norm for many (39% say they’re more likely to click a link on their phone than they are their computer), especially for Gen Z (48%). Gen Z and Millennials consistently trade convenience for risk more than older groups.
Casual commerce is widespread
While 61% worry about mobile purchases, most engage in scam-prone casual commerce, where the risk isn’t always just financial. For some, the loss can include eagerly awaited one-of-a-kind items, or meaningful services like a commissioned tattoo—blending emotional pain with financial loss.
What types of casual commerce missteps?
for a lower price
“I ordered drinks that are no longer available, and they never arrived. Many friends and I are collectors of this brand and wanted to see it as an investment and experience the taste. The seller came across as convincing.“
—DACH respondent
Data for deals is a dangerous norm
Exchanging data for deals often means handing over personal information to unchecked sources who can use, sell, or exploit it at any time. Users in the US (65%) are especially likely to share personal details like phone numbers for promotions compared to DACH (53%) and the UK (60%).
Gen Z and Millennials are the most deal-driven: they’re far more likely than older generations to share their number, download an app, or DM a brand in exchange for a discount.
What are the most common data exchanges?
discount or discount code
Nearly every mobile user invites access to their data
Almost 90% of mobile users share deep levels of personal data with apps and websites. Younger users are the most permissive: 91% of Gen Z and Millennials say they grant apps access to their location, camera, photo library, and/or contacts compared to 80% for Gen X and older. Nearly 75% use credentials from platforms like Google or Facebook to sign into new apps and websites (versus 73% for Gen X and 48% for Boomers and older). While these shortcuts streamline access, they also leave a trail of interconnected data that can increase exposure to scams and malware.
grant app permissions
73%
share location data with apps that ask for that permission
70%
give apps permission to access their camera, photo library, contacts, etc.
give away personal data
78%
take quizzes or surveys that collect personal info like email
63%
use existing credentials (like ‘sign in with Google’) to sign into new websites or apps
Risky mobile habits reflect signs of resignation
Mobile users across regions are aware of the dangers tied to mobile behavior, but many seem to have recalibrated their tolerance. Whether it’s downloading apps to shop, sharing personal data, or granting permissions too freely, the mindset is one of acceptance, not avoidance. For one in four, worry has been replaced by resignation.
For Gen Z and Millennials, risk is the norm. Two-thirds share personal data despite knowing the dangers, and over a third admit they don’t worry about mobile scams because it’s out of their control.
The cost of being scammed
Three quarters of mobile scam victims face serious emotional repercussions as a result of being scammed, including anxiety, distrust, and damage to their reputation. Financial harm is similarly widespread, with half experiencing monetary losses or financial fraud, including 15% who lost money permanently.
Scams take a serious psychological toll on victims
Victims of mobile scams often face serious emotional fallout—not just from what may have been taken, but from the psychological damage left behind.
Nearly half of scam victims say their mental health suffered as a result of being scammed, citing anxiety, depression, and/or a loss of trust in those around them. One in four say they were blackmailed or harassed. Almost 20% say their private information or content was leaked–with this number reaching 28% in both the US and UK (versus 11% for DACH).
Reputational harm is another consequence: 13% say their public image was affected or they lost the trust of friends, family, or colleagues.
Mobile victims across the US, UK, and DACH region recall the emotional fallout of their scam:
How many experienced each type of emotional damage due to scam:
harassed
info/content exposed
to reputation
I experienced discomfort and loss of trust, and I felt so stupid to fall for such a stupid trick.
[I lost] trust and dignity.
Everyone was angry with me.
Although I didn’t suffer any damage in the end, the experience was embarrassing and scary.
Lost 800 francs. I’d have to spend money to file a report. Since then, I’ve been afraid.
Younger victims struggle the most
86% of Gen Z and 81% of Millennial scam victims say they experienced emotional repercussions compared to 68% of Gen X and 67% of Boomers and older.
Gen Z face uniquely personal consequences: A third of Gen Z scam victims say their private info or content was exposed, including one in ten who say their sensitive photos or videos were leaked. More than one in five Gen Z victims report their reputation was damaged. For younger users, falling victim to a mobile scam can be personally devastating.
Scams cause major disruption to everyday life
Over half of mobile scam victims report financial fallout from their scam, including lost money, damaged credit, or the creation of fraudulent accounts. More than a quarter say they lost access to vital digital property, including financial accounts, devices, or irreplaceable files. One in five missed legitimate messages or payments, mistaking them for scams. These findings are similar across the US, UK, and DACH, showing that the financial and functional fallout of scams is universal.
When finances and functionality are compromised, the emotional toll isn’t far behind. These breaches go hand in hand with the fear, anxiety, and stress scam victims experience, creating the perfect storm for a potentially serious personal crisis.
How many experienced each type of functional damage due to scam:
Lost time dealing with scam:
28%Lost account access and files
27%Missed legitimate communication
20%Suffered work-related consequences
10%“[The] biggest effect was being scammed out of $2,800 via PayPal and Venmo. I thought my credit card company, Amex, or PayPal would cover me. Both refused because the transaction didn’t fall within what they protected. I felt angry and violated and [am] considering dropping my Amex account with whom I have a 40-year relationship. Reported to police who did nothing. Now working a side hustle trying to make back the money. There needs to be regulation protecting consumers from this.“
—US survey respondent
The protection gap
Despite strong awareness of, and experience with, mobile threats, protection hasn’t caught up. Fewer than one in five use basic security tools, and only 17% report scams. Many users, especially Gen Z, place too much trust in their devices while underreporting incidents and struggling with the complexity of staying safe. The result: Users are overwhelmed, under-protected, and left to navigate threats with little guidance, especially in America.
Protective actions are not a priority
Mobile users across regions recognize the threat of scams and malware, yet many don’t take basic precautions. Fewer than one in five use essential tools like antivirus, VPN, or ad blockers. While half trust their phone’s built-in security, only a third regularly install system updates or back up data.
Younger users, despite greater tech fluency, are even less protective: Gen Z are significantly less likely than older generations to back up data (23% versus 33% for Millennials and older), regularly install system updates (25% versus 41% for Millennials and older), or use any form of mobile security.
How many take each type of protective action:
Regularly check finances, avoid storing credit cards
Use 2FA, biometrics, etc.
Regularly install updates, back up data
Use security software, VPN, mobile security, etc.
Disable/check permissions, use disposable
numbers
Use a family safe word for deepfakes, educate self and family on threats
Underreporting scams is a serious issue
The vast majority never report their mobile scam or malware experience. Several factors are likely at play, including a lack of trust in authorities to act, feelings of shame or embarrassment, lack of clarity around how to report, and fear of retaliation. As one DACH user who experienced a romance scam put it:
“Because I was so ashamed, I didn’t file a report.”
Americans and Gen Z have the lowest reporting rates at 13% and 14% respectively, but reporting is universally low.
Guidance is needed, but overwhelm is real
Most users want clearer guidance on mobile threats, but the complexity of staying safe is already a barrier for many. The demand for better guidance is especially strong in the US (68%) compared to the UK (51%) and DACH (61%), where sustained public awareness efforts seem to be helping.
Where do we go from here?
“Tap, Swipe, Scam: How everyday mobile habits carry real risk” reveals a stark reality: Mobile scams are a daily threat with real emotional and financial consequences regardless of who you are or where you’re from.
Awareness of mobile threats is high and fear of becoming a victim is widespread, but many simply aren’t protecting or don’t know how to protect against these constantly evolving threats. Consumers need to actively take steps to protect themselves—like managing app access, staying informed, and using trusted security tools—and they also need clearer, more unified education to cut through the complexity. As seen in the DACH region, coordinated efforts at both the individual and institutional level can empower users to be confident and more secure in their mobile lives.
Not every routine behavior is inherently dangerous. Clicking a package link, providing a phone number for a deal, buying through a lesser-known company, and everything in between can be perfectly legitimate. But in today’s threat landscape, context is everything. Scammers exploit these everyday actions because they mimic trusted routines, and they target smartphones because for many, our phones have become a 24/7 companion that hold all our most valuable data.
The key isn’t to avoid or fear our phones, it’s to approach our everyday actions more consciously: double-check senders, limit unnecessary permissions, add protection, and slow down when something feels off. Small habits can lower our exposure to mobile threats without sacrificing the convenience we’ve come to rely on.
“I find that no matter how young I am or how much I know about this topic, there’s never enough attention. Several times, I’ve risked falling victim to scams…“
—DACH survey respondent
Methodology
Malwarebytes conducted this research using an online survey prepared by an independent research consultant and distributed via Forsta among n=1,300 survey respondents ages 18 and older in the United States, UK, Austria, Germany, and Switzerland. The sample was equally split for gender with a spread of ages, geographical regions, and race groups, and weighted to provide a balanced view. Data was collected from March 11 – March 24, 2025. All verbatim quotes included in this report have been anonymized and are used solely for illustrative research purposes. All participant responses are treated with strict confidentiality in accordance with GDPR.
Learn more about our products
*Available in the US only