According to Recent Research, Americans are Targeted by Scams More than Any Other Country

According to Recent Research, Americans are Targeted by Scams More than Any Other Country

Americans Get Twice as Many Scam Calls as Everyone Else

Scams now reach you everywhere. The phone rings with “potential spam,” the inbox fills with unknown senders, and texts arrive that ask for clicks or quick replies.

New research shows how relentless this has become. In the United States, people face close to one hundred scam encounters each month through calls, emails, and texts. The United Kingdom is not far behind. Other regions see fewer attempts, yet the pressure is steady worldwide and it follows you onto social media each week.

This volume would be stressful in any era. In the age of artificial intelligence, it becomes confusing and risky. Messages look tailored, voices sound real, and fake apps feel polished. At the same time, confidence drops. Few people feel sure they can tell real from fake every time, and many still rely on passwords that are easy to forget and easy to steal. Brands once trusted now face hard questions, and a cautious mindset replaces casual clicks.

You are not powerless in this climate. Clear habits and safe behaviors protect you. Stronger sign-in methods like passkeys reduce the damage when a password leaks. Simple checks before you respond slow down attacks that depend on speed. Calm attention turns a noisy threat landscape into a manageable set of choices. This research maps the reality you face and points you toward practical steps that keep your identity, your money, and your peace of mind intact.

According to Talker Research:

Americans receive fraudulent or scam messages twice as much as other countries, according to new research.
A poll of 10,500 adults from around the world found that the average American navigates an average of nine calls, nine emails and another seven text messages every single week, or about 100 scam encounters per month.

Similarly, Brits navigate an average of 84 different scam attempts during a typical month.

By comparison, those in Singapore only encounter three scam calls and texts per week as well as four emails, or a total of 40 scam attempts per month, while Australians fall somewhere in between, navigating about 52 spam messages per month.

Those in the U.K. and the U.S. top the list of the most emails in their spam inboxes right now, both averaging more than 350, while Indonesians average less than half of that, about 154.

More often than not, respondents either delete messages immediately (53%) or block the sender (52%) upon receiving a fraudulent message, though about a quarter of those in India (23%) and the United Arab Emirates (27%) will try to verify the address it was sent from, just to be sure.

Almost half (46%) of Indians and more than one-third of Brits (35%) are the most likely to answer a phone call that says “potential spam,” compared to 31% of Americans and just 22% of Swedes.

And it seems scams are integrating into just about every aspect of life — even on social media, people can’t escape fraud. Across the globe, people average five weekly spam messages on their social channels.

Conducted by Talker Research on behalf of Ping Identity (https://www.pingidentity.com), the survey took a realistic look at how people across the globe battle bots and sniff out scams in the age of AI.

Compared to five years ago, three-quarters of respondents are more concerned about the security of their personal and private information.

On top of that, only 23% of those polled are “very confident” in their ability to determine if something is legitimate or a scam.
Interestingly, saving sensitive information such as passwords and payment details on social media (25%) ranked as one of the top online activities that make people feel most susceptible to fraud, scams or identity theft.

Twenty-three percent even find that using social media in general leaves them feeling vulnerable, with Indonesia (31%) being the most wary.

Across the board, people are overwhelmingly most concerned about financial fraud (46%), followed by personal data breaches (25%).

“According to the survey, respondents use just 12 unique passwords for work, and 17 for personal accounts, which is not only a huge inconvenience but exposes significant risk, as passwords are the number one cause of breaches,” said Darryl Jones, Vice President of Consumer Segment Strategy at Ping Identity. “Passwords alone are not enough to protect your data; they’re easily compromised, and attackers are even impersonating multi-factor authentication requests. A stronger option is to adopt passkeys, which use a private key stored on your device and are protected by biometrics like face or touch ID. Passkeys are both a safer and simpler way to keep your information secure in the age of AI.”

And as the 21st Century continues to unfold, fraud attempts are only going to get more sophisticated.

AI-driven phishing (39%) or personalized messages meant to trick individuals into revealing sensitive information, and fake apps (38%) mimicking legitimate services or vendors (but with malware), are the top two most concerning “futuristic” methods.

Across the globe, 23% of those polled have actually fallen victim to some type of fraud, scam or identity theft.

Financial identity fraud (25%) and account take-overs (21%) were the most common schemes.

This may be because respondents find themselves forgetting or misplacing a password (38%) more often than they use multi-factor authentication (30%).

“Consumer confidence in global brands is eroding fast. We’ve entered a ‘trust nothing’ era, where people are questioning every call, message, and even the companies they once relied on,” said Jones. “The challenge now is for organizations to prove they deserve that trust, and that starts with stronger, smarter identity protection.”

TOP “MODERN” SCAMS PEOPLE AROUND THE WORLD FEAR MOST

• AI-driven phishing (personalized AI messages written using data from social media or web history that are meant to trick individuals into revealing sensitive information) – 39%
• Fake apps (apps mimicking legitimate services or vendors, but with malware) – 38%
• Deepfake attacks (AI-generated video or audio mimicking someone you know, such as a celebrity, public figure, or CEO) – 32%
• Voice cloning scams (using a friend or family member’s voice to create convincing calls) – 31%
• Synthetic identity fraud (creating a new identity using a combination of both real and fake data) – 29%
• AI-generated influencers and personalities (AI influencer and social media accounts, may ask for donations, merchandise, etc.) – 29%
• Augmented Reality (AR) scams (fake or manipulated digital content within an AR environment; may involve overlaying fake offers, costs, etc.) – 21%

Survey Methodology

Talker Research surveyed 10,500 general population adults (2,000 U.S., 2,000 U.K., 1,000 France, 1,000 Germany, 1,000 Australia, 1,000 Singapore, 500 India, 500 Indonesia, 500 Netherlands, 500 Sweden, 500 UAE); the survey was commissioned by Ping Identity and administered and conducted online by Talker Research between July 28 and Aug. 11, 2025.

Glossary

• Account takeover (ATO) — This term describes when a criminal gains control of an existing online account and locks out the rightful owner. The attacker then drains funds, redeems points, or uses the account to trick contacts. Clear recovery steps include resetting credentials, enabling multi-factor authentication, and notifying the service’s fraud team.
• AI-driven phishing — This describes phishing messages written with artificial intelligence using details pulled from public posts or breached data. The notes feel personal and timely, which lowers a reader’s guard. Verifying the sender through a separate channel reduces the risk.
• AI-generated influencer — This refers to a computer-created persona that posts, chats, and sells as if it were a real person. The profile can ask for donations, gifts, or “exclusive” purchases. Checking verification badges and searching for creator disclosures helps expose fakes.
• Augmented reality (AR) scam — This describes fraud that overlays false offers or prompts inside an AR app or device. The visual layer looks official and can nudge a user into payment or disclosure. Installing apps only from trusted stores and disabling unknown AR “filters” lowers exposure.
• Authentication factor — This means something a person knows, has, or is, used to prove identity when signing in. Strong logins combine more than one factor, such as a passkey on a phone plus a biometric check. Single-factor logins fail more often during attacks.
• Biometrics — This refers to physical traits like face or fingerprint used to unlock devices or approve sign-ins. Biometric checks protect the private key behind a passkey and replace many typed passwords. Keeping device software updated helps keep biometric data secure on the device.
• Bot — This describes automated software that sends mass emails, texts, or calls at machine speed. Bots also test stolen passwords across many sites. Rate limits and strong authentication reduce the damage when bots attack.
• Breach (data breach) — This term means private information was exposed or stolen from a company or service. Exposed data can fuel targeted phishing and account takeover. Affected users should change passwords, turn on multi-factor authentication, and watch financial accounts.
• Caller ID spoofing — This refers to a trick that makes a phone call look like it comes from a trusted number. The goal is to get the call answered or to rush a decision. Calling back using a known, saved number protects against pressure plays.
• Confidence rating — This means how sure a person feels that a message or call is legitimate. Low confidence is a signal to slow down and verify before acting. A brief pause prevents most rushed mistakes.
• Credential stuffing — This describes criminals testing leaked passwords on many sites to see where they still work. Reused passwords make this attack succeed. Unique credentials and passkeys stop the chain.
• Deepfake — This term covers AI-generated audio or video that convincingly imitates a real person. The fake asks for money, gift cards, or private info under pressure. A live video call with a specific gesture request or a separate verification call helps expose it.
• Denial-of-service (DoS) — This describes flooding a network or service so that it fails to respond. Criminals use it to distract teams while running other fraud. Keeping recovery contacts handy speeds response if services go down.
• Device key (private key) — This refers to the secret part of a passkey that stays on a person’s phone or computer. It works only when unlocked by biometrics or a PIN. Because it never leaves the device, it resists theft in phishing attacks.
• Digital hygiene — This means daily habits that keep accounts and devices safer. Examples include updates, unique credentials, and careful app installs. Small routines reduce large risks over time.
• Financial identity fraud — This describes using someone’s personal information to open accounts, take loans, or move money. Victims see surprise bills or credit alerts. Fast reports to banks and credit bureaus help contain losses.
• Fraudulent message — This term covers emails, texts, or direct messages designed to steal money or data. The note often uses urgency, secrecy, or rewards to spark action. Independent verification before clicking is the safest response.
• Malware — This means harmful software that steals data, spies on activity, or takes control of a device. Fake apps and attachments often deliver it. Installing only from official stores and using built-in protections lowers risk.
• Multi-factor authentication (MFA) — This refers to using two or more checks to sign in, such as a passkey plus a code. It blocks most account takeovers, even when a password leaks. App-based or passkey methods are stronger than codes sent by SMS.
• Passkey — This describes a password replacement that uses a device-stored private key and a public key at the service. Approval happens with face or touch, so nothing is typed or phished. Passkeys lower breach risk and simplify sign-ins.
• Password manager — This tool creates and stores strong, unique passwords for each site. It reduces reuse and memory mistakes. Protecting the manager with MFA improves safety further.
• Password reuse — This means using the same password on more than one account. One leak then opens many doors. Unique credentials or passkeys close that path.
• Personal data — This refers to information that can identify a person, like name, address, birthdate, or identifiers. Criminals combine small pieces into convincing attacks. Sharing less in public profiles reduces targeting.
• Phishing — This describes messages that impersonate trusted brands or people to trick readers into clicking or sharing. The links lead to fake sign-in pages or malware downloads. Directly visiting the known website instead of using the message link prevents most theft.
• Privacy settings — This means controls in apps and social media that limit who can see posts, friends, and contact details. Tighter settings reduce data available for AI-driven targeting. Reviewing settings quarterly keeps them current.
• Risk signal — This term covers clues that a message or call may be unsafe, such as urgency, payment by gift card, or secrecy. One signal may be noise; several together mean stop and verify. Treating signals as prompts to pause protects money and identity.
• Scam attempt — This describes any effort to deceive for gain, including calls, texts, emails, or social posts. The volume can be high, so filters and blocks help. Tracking patterns at home helps everyone respond consistently.
• Sensitive information — This refers to details that enable theft, such as passwords, PINs, full card numbers, or one-time codes. Legitimate companies do not ask for these by unsolicited message. Refusing to share protects accounts.
• Smishing — This means phishing by SMS or messaging apps. Short links and urgent delivery claims are common hooks. Visiting the official site or app directly is the safer path.
• Social engineering — This describes manipulating human trust and emotion rather than hacking code. Tactics include urgency, authority, fear, and flattery. A calm, step-by-step verification habit defeats most of these ploys.
• Spam filter — This tool routes unwanted or risky messages out of the main inbox. It reduces exposure to mass fraud. Checking the spam folder only when needed prevents accidental clicks.
• Synthetic identity fraud — This refers to creating a new identity from a mix of real and fake data. Criminals build credit slowly, then run up debt and vanish. Freezing credit files for minors and using credit alerts helps block this crime.
• Two-factor authentication (2FA) — This means using two different checks, such as a password plus an app code. It is a basic form of MFA and stronger than a password alone. App-generated codes or hardware keys are preferred over SMS.
• Voice cloning — This describes AI that copies a person’s voice to request urgent money or information. The caller may claim an emergency and demand quick action. Calling the real person back on a known number prevents harm.
• Vulnerability — This term means a weakness that makes fraud easier, such as reused passwords, open profiles, or old software. Fixing one weakness at a time steadily lowers risk. Regular reviews keep the defenses current.
• “Trust nothing” mindset — This describes a practical stance where unexpected messages, links, and calls are treated as untrusted until verified. The mindset slows decisions and adds simple checks. It protects peace of mind in a high-volume threat world.