April 5, 2026
April Fools’ Jokes Are Over, but These Scams Aren’t Fun Pranks
Spring is one of the most productive seasons for hackers. Not because teams are careless, but because everyone is busy, a little distracted and moving quickly. That’s when the almost believable messages slip through — the kind that blend into a normal workday and don’t feel dangerous until it’s too late.
Here are three scams working right now. Not on gullible people, but on sharp, well-meaning employees who are simply trying to get through their day.
As you read through these, ask yourself one honest question:
Would everyone on my team pause long enough to catch each one?
Scam #1: The Toll Road (or Parking Fee) Text
An employee receives a text message:
“You have an unpaid toll balance of $6.99. Pay within 12 hours to avoid late fees.”
It references a real toll system — E-ZPass, SunPass, FasTrak — whichever matches the state they’re in. The amount is small enough not to trigger alarm bells. They’re between meetings, so they click, pay and move on.
Except the link wasn’t real.
The FBI received more than 60,000 complaints about fake toll texts in 2024, and the volume jumped over 900% in 2025. Researchers have identified more than 60,000 fake domains created specifically to impersonate state toll systems — a level of infrastructure that shows just how profitable this scam has become.
Some of these messages have even been sent to people in states that don’t have toll roads at all.
The reason it works is simple:
Six dollars doesn’t feel risky, and most people have recently driven through a toll or parked downtown, so the message feels completely plausible.
The guardrail that helps
Legitimate toll agencies don’t demand immediate payment via text message links.
Smart organizations make it a rule:
No payments happen through text-message links.
If something might be legitimate, employees go directly to the official website or app themselves. They never reply — not even “STOP” — because responding confirms the number is active and invites more messages.
Convenience is the bait. Process is the defense.
Scam #2: “Your File Is Ready”
This one blends perfectly into everyday work.
An employee receives an email notification that a document has been shared with them. It’s usually something routine — a contract in DocuSign, a spreadsheet in OneDrive or a document in Google Drive.
The sender’s name looks right.
The formatting looks identical to every other file-share notification they receive.
They click the link.
They’re prompted to log in.
They enter their work credentials.
Now someone else has them — and if those were their company login credentials, the attacker is inside your cloud environment.
This type of attack has exploded.
Phishing campaigns abusing trusted platforms like Google Drive, DocuSign, Microsoft and Salesforce increased 67% in 2025, according to KnowBe4’s Threat Labs. Google Slides-based phishing links alone spiked more than 200% in a six-month period.
Even more concerning, employees are seven times more likely to click a malicious link coming from OneDrive or SharePoint than from a random email because the notification looks completely legitimate.
The newest versions are even harder to detect.
Attackers create files inside compromised accounts and use the platform’s own sharing features to send the notification. That means the email actually comes from Google’s or Microsoft’s real servers. Your spam filter doesn’t flag it because, technically, it is a legitimate notification.
The guardrail that helps
If a shared file wasn’t expected, employees should avoid clicking the link in the email.
Instead, they open their browser and log directly into the platform themselves. If the file is legitimate, it will appear there.
Businesses can also reduce risk by:
• Restricting external file-sharing permissions
• Enabling alerts for unusual login activity
These are two security settings most IT teams can configure in about 15 minutes.
A boring habit. A very effective result.
Scam #3: The Email That’s Written Too Well
Remember when phishing emails were easy to spot?
We were trained to look for broken grammar, strange formatting and obvious nonsense.
Those days are over.
A 2025 academic study found that AI-generated phishing emails achieved a 54% click rate, compared to just 12% for human-written ones — more than four times as effective.
The reason is simple.
These emails don’t look like scams anymore.
They reference real company names, real job titles and real workflows, all scraped from LinkedIn profiles and company websites in seconds.
The newest tactic is departmental targeting.
Your HR or payroll team receives fake employee verification requests.
Your finance department receives vendor payment change requests.
In one recent test, 72% of employees engaged with a vendor impersonation email, which was 90% higher than other types of phishing attempts.
The messages are calm, professional and just urgent enough to feel real.
They look exactly like a normal Tuesday in your team’s inbox.
The guardrail that helps
Any request involving credentials, payment changes or sensitive data should always be verified through a second channel.
That might be:
• A phone call
• A chat message
• A quick walk down the hall
Before clicking any link, employees should hover over the sender’s email address to confirm the actual domain.
And when an email creates urgency, the urgency itself should be treated as the warning sign.
Real security doesn’t rely on panic.
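The sender-domain and urgency checks above can also run automatically at the mail gateway. The sketch below is an added example, not part of the original article: the vendor directory, domains and sample message are constructed for illustration, and the 0.9 similarity threshold is an assumption.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Constructed vendor directory: display-name keyword -> sending domain on file.
KNOWN_VENDORS = {"acme supplies": "acme-supplies.example"}
URGENCY_WORDS = ("urgent", "immediately", "asap", "final notice")

# Constructed sample message, not a real capture.
SAMPLE = (
    'From: "Acme Supplies Billing" <billing@acme-supplles.example>\n'
    "Reply-To: payments@mailbox.example\n"
    "Subject: Urgent: updated bank details for invoice 1042\n"
    "\n"
    "Please use the new account for this week's payment.\n"
)


def domain_of(header_value):
    """Return the lowercase domain of the address in a From/Reply-To header."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def review_message(raw):
    """Return the reasons a message needs second-channel verification."""
    msg = message_from_string(raw)
    display, _ = parseaddr(msg.get("From", ""))
    sender = domain_of(msg.get("From"))
    findings = []
    for name, expected in KNOWN_VENDORS.items():
        if sender == expected:
            continue
        if name in display.lower():
            findings.append("display-name-mismatch")
        # A near-identical domain is what a quick glance misses.
        if SequenceMatcher(None, sender, expected).ratio() >= 0.9:
            findings.append("lookalike-domain")
    reply_to = domain_of(msg.get("Reply-To"))
    if reply_to and reply_to != sender:
        findings.append("reply-to-differs")
    if any(w in msg.get("Subject", "").lower() for w in URGENCY_WORDS):
        findings.append("urgency")
    return findings


if __name__ == "__main__":
    print(review_message(SAMPLE))
```

A notification sent from a compromised account on the real platform passes these header checks, which is why the habit of logging in to the platform directly still matters.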
What This Really Comes Down To
All of these scams rely on the same four ingredients:
• Familiarity
• Authority
• Timing
• The assumption that “this will only take a second.”
That’s why the real risk isn’t a careless employee.
It’s systems that assume everyone will always slow down, double-check and make the perfect decision under pressure.
If one rushed click could derail your day, that’s not a people problem.
It’s a process problem.
And process problems are fixable.
That’s Where We Can Help
Most business owners don’t want to turn cybersecurity into another internal project or become the person responsible for teaching everyone what not to click.
They simply want to know their business isn’t quietly exposed.
If you’re wondering what your team might be dealing with — or you know another business owner who probably should — we’re happy to have a conversation.
Schedule a short discovery call where we’ll talk through:
• The types of scams businesses like yours are seeing right now
• Where vulnerabilities typically appear in everyday workflows
• Practical ways to reduce risk without slowing people down
No pressure. No scare tactics.
Just a quick conversation to identify potential risks and discuss simple ways to eliminate them.
If this isn’t for you, feel free to forward it to someone who might appreciate the heads-up.
Sometimes simply knowing what to look for is enough to turn a “would have clicked” into a “nice try.”
Book your 10-minute discovery call here


