The new scams that know you by name

August 16, 2025

By Kim Komando

Ever get a text that feels … a little too real? You know the ones: “Your account has been locked. Click here to verify.” Most of us roll our eyes and delete them. 

But the new generation of scams? They’re scarier and a whole lot smarter.

📱 Smishing goes high-tech

In the past month, investigators uncovered a Chinese cybercrime group that stole data on up to 115 million U.S. payment cards over 16 months. That’s one card for every three people. 

They didn’t skim them from ATMs. They tricked people into handing over their card info through fake payment alerts sent to phones, aka “smishing” or phishing through text messages.

Those stolen cards were instantly loaded into mobile wallets and used before victims could blink.

💍 The ‘small’ breach that isn’t

Jewelry brand Pandora admitted a hacker got hold of customer names and email addresses via a third-party platform. No passwords, no payment info. Sounds harmless, right? Wrong. 

That data is a gold mine for cybercriminals. Why? 

It makes their fake messages frighteningly believable. Picture this: “Hi, [Your Name], we noticed unusual activity on your Pandora account…” See how quickly you’d lower your guard?

🕵️‍♂️ Phishing-as-a-service

Criminals are running ready-made scam platforms with names like “Sneaky 2FA” and “Tycoon 2FA.” These are crazy. You pick a phishing email, select email addresses, pay for it and they are sent out. These services make it easy to mimic real login pages and even trick two-factor authentication systems.

The scams that used to have bad grammar and blurry logos now look pixel-perfect and could even fool your suspicious, IT-paranoid uncle.

🥊 So how do you fight back? 

The average person reuses the same password across 14 different accounts. That’s not security, that’s basically giving hackers a BOGO deal.

Step one: Stop reusing passwords. If one account gets hacked, you’ve basically handed over the keys to your entire digital life.

Step two: Use a password manager; do not store passwords in your browser. A password manager creates strong, unique passwords for every account, stores them securely and autofills them only on legitimate sites. That way, even if a scam text gets past your defenses, it can’t trick you into typing in the password to your bank account, email or shopping site.

The one I recommend is not just another password manager, NordPass:

Setup takes less time than making a cup of coffee, and it’s way faster than untangling the nightmare after a hack. Your name, your accounts and your peace of mind are worth it.

✅ Right now, save 52%, get 1 extra month free, and you’re covered by a 30-day money-back guarantee

https://www.komando.com/news/security/the-new-scams-that-know-you-by-name/