Google Names the Most Dangerous Day of the Week for Your Smartphone
The company's statistics show billions of attempted scams monthly.
The company's statistics show billions of attempted scams monthly.
Google has shared fresh data on the performance of its built-in Android protection features designed to combat fraud in messages and calls. According to the company, the system blocks over 10 billion suspicious contact attempts every month, aiming to prevent data theft and user deception before malicious activity reaches its target.
A key element of this protection is the filter for Rich Communication Services (RCS) – the protocol that has replaced classic SMS. Over 100 million phone numbers were blocked before they could send even a single message. Furthermore, the Google Messages app features a spam filtering mechanism that uses a local neural network: suspicious messages go directly to the "spam and blocked" folder, without distracting the phone's owner. And since October, an additional protective measure has become available worldwide – the system warns about malicious links in messages, preventing users from clicking them until they confirm the message is not spam.
The company specifically noted that the most common schemes remain fake job offers. Such messages use a trustworthy tone and promise a vacancy to trick users into revealing personal data or bank details. The second most popular category consists of financial scams: from fake notifications about debts and subscriptions to false investment opportunities. Messages about parcels, attempts to impersonate government agencies, tech support fraud, and online dating scams also periodically occur.
Google spotted an interesting trend in the distribution of messages via group chats. In such campaigns, several recipients are included simultaneously, often alongside a "planted" participant who also belongs to the criminals. This participant's task is to create the illusion of a live conversation and reinforce the message's credibility. This lowers vigilance and increases the chance that the victim will take the information seriously.
Activity analysis shows that scammers adhere to a clear temporal structure. Mass messaging starts around 5 AM Pacific Time and peaks between 8 AM and 10 AM. The most active day is Monday – the start of the work week, when users are particularly vulnerable due to rushing and reduced concentration.
The schemes themselves range from mass campaigns to personalized ones. The first category involves random attempts to reach as many recipients as possible, using themes like deliveries, fines, or urgent notifications. Such messages often contain shortened links masking malicious websites. The second category involves slow and calculated attempts to build trust: a scammer might pose as an old acquaintance or a recruiter, use publicly available information about the victim, and gradually prepare them for financial loss. This group includes, for example, the scheme known as "Pig Butchering."
According to the Google team, the goal of all these scenarios is to obtain money or information, and the source of contact data is often databases of leaked information purchased on the dark web. A whole infrastructure supports these operations: suppliers of equipment for SIM farms, phishing-as-a-service (PhaaS) kits, and bulk messaging services. These elements connect the entire chain – from the scammers to the end victim.
Meanwhile, the dynamics of attacks are constantly changing: if control tightens in one country, the perpetrators simply move to another jurisdiction without physically relocating. This allows them to maintain constant activity, shifting their operational centers as needed.
