5 Scams Your Spam Filter Won’t Catch

January 24, 2026 · 5 min read

Your spam filter is good at catching junk. Nigerian prince emails, sketchy pill ads, fake lottery wins — straight to the trash where they belong.

But the scams that actually cost people money? They sail right through. That’s because the most dangerous scams today don’t come with malware attachments or suspicious links your email provider can flag. They target you, not your computer.

Here are five scams your spam filter will never catch — and why they work.

1. The “bank alert” text

You get a text from what looks like Chase, Bank of America, or Wells Fargo: “Unusual activity detected on your account. Tap here to verify.” The link takes you to a page that looks exactly like your bank’s login screen.

There’s no attachment to scan. No malware to detect. Just a convincing message and a fake website. Your spam filter never sees it because it arrived by text, not email. And even if it came by email, there’s nothing technically malicious about a link to a webpage — the danger is what you do when you get there.

2. The IRS or Social Security phone call

“This is the Internal Revenue Service. There is a warrant out for your arrest due to unpaid taxes. Press 1 to speak with an agent immediately.”

The caller ID says “IRS” or shows a Washington, D.C. area code. The voice is urgent, official-sounding, and threatening. Your heart rate spikes. You press 1.

No email filter can help here. No antivirus catches phone calls. The IRS will never call you and threaten arrest — but in the moment, it feels terrifyingly real. Scammers spoof caller IDs for pennies, and they know that fear shuts down critical thinking.

3. The AI-cloned voicemail

“Grandma, I’m in trouble. I was in an accident and I need you to send money right away. Please don’t tell Mom and Dad.”

It sounds exactly like your grandchild. Same voice, same inflection, same nickname they use for you. But it’s not them — it’s an AI clone built from a few seconds of audio scraped from social media.

Voice cloning technology is cheap, widely available, and getting better every month. Nothing in your security stack catches a voicemail. There’s no file to scan, no link to analyze. Just a voice you trust asking for help.

4. The targeted phishing email

This isn’t the “Dear Sir/Madam” spam you’re used to ignoring. This is an email that uses your real name, references your actual bank, and mentions a recent purchase you really made. It looks like a legitimate email because, structurally, it is one — just with a different intent.

Your email provider’s filters are built to catch mass-blast spam. But when a scammer crafts a one-off email tailored to you, there are no red flags for the algorithm. No suspicious attachments. No known bad links. Just a well-written lie.

5. The tech support popup

“WARNING: Your computer is infected! Call this number immediately to prevent data loss.” A full-screen browser popup, blaring an alarm sound, with a phone number for “Microsoft Support.”

It’s not malware. It’s just a webpage. Your antivirus won’t flag it because there’s nothing technically wrong with a website that displays text and plays audio. The danger is calling that number, where a real person will walk you through “fixing” your computer — by giving them remote access and your credit card number.

What these all have in common

None of these scams contain a virus. None of them include a malicious attachment. None of them trip a malware signature or a spam keyword filter. They work because they target people, not computers.

They rely on urgency, trust, and emotion — a bank that needs your attention now, a grandchild who needs help immediately, a government agency that will arrest you today. And they reach you across every channel: text, phone, email, and web.

That’s why traditional security tools miss them. Spam filters protect your inbox. Antivirus protects your files. But neither one protects you.