Follow : Add us as a preferred source on Google.

Key takeaways

• NordVPN's new scam checker tool uses AI to detect suspicious content.
• You'll need more than standalone services to stay safe from scams.
• This is how to spot scams that are becoming more convincing.

Many of us have grown up with online scams, but the ones we encounter now are far removed from fake deposits, lottery wins, or messages from a long-lost relative who wants to bequeath you millions of dollars as an inheritance.

Also: A Meta-powered investment scam is spreading across 25 countries - how to spot (and avoid) it

Sure, these boilerplate phishing and spam emails exist -- if you're anything like me, hundreds of them fill my spam folder every week. But when a scammer takes the time to target their content and uses new technology to improve their lure emails, they can be difficult to spot.

The problem is that AI can be abused to generate convincing scams that lack the hallmarks of past phishing campaigns. An estimated 82.6% of phishing emails use some form of AI, but can we turn the tables and use AI to fight the trend?

NordVPN's free scam checker

This week, NordVPN launched an AI-powered scam checker tool. It's free and web-based, allowing you to quickly check a link, file, or text for evidence of a scam. You can also upload an image or screenshot.

You don't need an account to sign up for it -- simply visit the page, submit the information you want to verify, and click analyze.

NordVPN's service then checks URLs, email addresses, and phone numbers against known malicious databases and sources. If you want to analyze a body of text, an AI algorithm checks the content for patterns "commonly used in scams, such as scare tactics and artificial urgency," according to the company.

I wanted to see how effective an AI-backed scam detector could be. While testing out the web service, I first compared a typical, run-of-the-mill lottery scam pulled from my inbox. 

Success. It's quite useful to find out why, too, as the scam checker explains which indicators suggest this message is fraudulent.

"The message contains several red flags indicative of a scam, including unexpected lottery winnings, a large sum of money, and a request for personal information or fees to claim the prize. It also mentions an unverified bank and a sponsor that does not typically host lotteries, such as Coca-Cola. These elements are common tactics used in phishing scams to deceive victims into providing sensitive information or sending money."

Many of us would naturally recognize this as a scam -- but what about something more advanced?

The rise of recruitment scams

Hardly a day goes by that we do not hear about yet another round of layoffs. Many are worried about the impact of AI on their jobs and future prospects, and as a result, fraudsters are taking advantage of our fears.

Employment scams can take the form of fake job postings, messages, pay-for-access and training schemes, and, perhaps more recently, targeted recruitment scams for high-level roles. 

Also: I'm a tech professional, and an AI job scam almost fooled me - here's how I caught on

Over the past few weeks, I've been sent at least one or two unsolicited emails daily from "recruiters" that bypass Google's spam and phishing email filters -- a perfect opportunity to test whether or not AI defense tools could detect them, when Google cannot.

As a Reddit user also experienced, there are red flags that indicate they are a scam. Too good to be true roles, generic requests for information, a lack of a professional email address or website (every message was sent via Gmail), and no phone number. 

The test

I've been playing with this recruitment scammer for a while, and they appear to have done their homework. Information was pulled from my LinkedIn and then bolted together, and according to ChatGPT, the "overly dense, stitched phrasing" and "hyper-personalization" -- referencing multiple parts of my background in one long sentence -- is typical of AI pulling from a profile.

Add a sentence about a selective process to stroke the ego, and perhaps you'll respond to such an exciting opportunity. 

I wanted to know how this scam worked, as it isn't often that I come across targeted attempts that slither into my inbox.

Red flags and what to look out for

This scam focuses on building trust. There was no pressure to hand over any information, and I should only give him my CV if I was interested in the role -- a Gartner research director in cybersecurity strategy with a $270,000 - $350,000 salary, plus incentives.  

However, the following red flags cemented my belief that this was a recruitment scam:

• Email address: While some independent recruiters and headhunters might not use a professional work email, the use of Gmail put me immediately on guard. While this email used a full name, I've also come across many using phrases like "recruitment" and "hiring solutions." 
• Unsolicited: I haven't reached out to recruiters, nor have I shown any indication that I'm looking for a new role.
• No online presence: The recruiter has no LinkedIn, no website, and no online history, as far as I could see.
• The name: "Roberts Jordan" (or was it meant to be Jordan Roberts?) sounded odd. AI could have been used for the email body itself, but a mistake was made here with the name. 
• No communication methods: Beyond the email address, no website address, physical address, or phone number was provided. 

What I found particularly interesting as a scam indicator was a subsequent email containing the full Gartner job specification. While the Gartner role does actually exist and has been posted online, the specification I received was tailored to my experience -- most likely through AI, indicated through the following wish-list sentence:

"7-15+ years of experience in cybersecurity journalism, investigative reporting, research, or advisory roles."

The trap

I sent a fake CV, which was well-received. But, to have the best chance of entering the process, I needed to complete an executive bio, an executive cover letter, and a SWOT assessment, the latter being a business assessment of Strengths and Weaknesses, and Opportunities and Threats -- something you wouldn't usually require from a job candidate, another red flag.

And now, the catch, sprinkled with urgency:

"Given the accelerated timeline for this search, the position is expected to close within the next two days, so timely submission will help ensure your candidacy continues to progress smoothly. 

To support you in preparing these materials, I work with a specialist who assists senior professionals in developing high-level executive documentation. They can help ensure everything is clearly articulated, professionally structured, and aligned with what the hiring team is specifically looking for. If you'd like, I'd be happy to introduce you so you can work together directly and finalize the materials efficiently."

This is where you are caught. The assistant, "Rachel," would help me prepare my materials -- but for a fee. 

Can AI detect AI scams?

I put NordVPN's tool to the test. I ran four of the main email messages sent by the recruiter through the system, and I received an alert for one of them, which included the assistant's email address, flagged as suspicious.

I also compared these findings with online scam checkers from F-Secure and AskSilver. F-Secure flagged the first email as phishing but did not explain why, and AskSilver refused to analyze it.

I performed these tests again with several other similar recruitment scam emails I have received recently, and the results were the same. 

How to stay protected

NordVPN's scam checker works well for standard scams and phishing content, but struggles with more advanced, targeted campaigns -- although the team is continually refining and improving the tool. It's not surprising, as threat actors are devising new ways to fleece us every day, and defenders are under pressure to stay ahead of scams and phishing trends. 

"Recruitment scams are tricky because they often avoid the typical red flags," Domininkas Virbickas, product director at NordVPN, told . "Usually, there's no suspicious link or threatening language at the start. The best way to spot them is to pay attention to the process itself. 

Legitimate recruiters don't offer jobs without a proper interview. They don't immediately push you to other platforms like WhatsApp or personal email. And they certainly don't ask for sensitive personal information or money before you've been formally hired. Whether it's a "training fee," equipment purchase, or depositing a check, any job opportunity that asks you to spend or move money is almost certainly a scam."

Today's recruitment scams might span days or weeks in order to create a level of trust before the trap is sprung. You should always treat unsolicited emails with caution and note the email address used -- especially if there's no corresponding website, phone number, or online profiles. 

Even handing over your CV can be a risk, as it may contain personal information such as your address and phone number. Never pay for an advisory service unless you know it is legitimate, and if a role is proposed to you, it's worth checking online for evidence or even contacting HR for verification. 

At this moment in time, regardless of the influence of AI, it is still up to us to protect ourselves, our information, and our wallets by following a basic rule: if it looks too good to be true, it probably is. 

Featured

My top six Windows 12 predictions - including its most likely release date

I was glued to my phone all day - these 7 tricks helped me break the habit

Traditional Wi-Fi router vs. mesh: How to decide between the 2 popular networking options

The best business desktops of 2026: Expert tested and reviewed

• My top six Windows 12 predictions - including its most likely release date
• I was glued to my phone all day - these 7 tricks helped me break the habit
• Traditional Wi-Fi router vs. mesh: How to decide between the 2 popular networking options
• The best business desktops of 2026: Expert tested and reviewed