The Top Scams to Watch Out For in November 2025

Cybercriminal activity is rising as we head into the busy winter period and this month we are seeing an increase in convincing impersonation scams, unsafe shopping sites and text-based attacks targeting both businesses and individuals.

One thing you may notice is how quickly these scams are becoming more sophisticated. They look more genuine, follow the tone of real companies and are far harder to spot, largely because attackers now use AI to perfect spelling and grammar and to mimic authentic communication styles.

What To Do If You Receive A Suspicious Email

The safest approach is to:

• Mark it as spam or phishing using the built-in option in Outlook or Gmail

• Delete it immediately after marking as spam

• Do not click any links

• Do not reply

• Do not forward it on (including to us)

If you think you may have clicked on something you should not have, please contact our support team as soon as possible so we can help secure your account. Never rely on the contact details inside a suspicious message.

Here are this month's top scams worth knowing about:

1. The Microsoft Email Scam

The most convincing Microsoft impersonation we have seen so far:

Attackers are registering the domain rnicrosoft.com by replacing the single letter m with the characters r and n. In many fonts these characters blend together, making the domain appear identical to microsoft.com at first glance.

These emails often warn about password resets, suspicious sign in activity or Microsoft 365 account suspension. The branding and layout look genuine and many people only realise it was a scam after clicking.

Because this attack is so convincing, we have created a full article that explains how it works, what happens if someone clicks the link and how to spot the warning signs.

Read the full article: The Rise of the rnicrosoft Email Scam and How to Spot It

2. McAfee Impersonation Email Scam

There has been an increase in emails pretending to be from McAfee and other well-known antivirus providers. These messages claim that your subscription has expired or that your device is at risk. They often pressure you to click a link to renew or secure your account.

These emails may include:

• Payment failure warnings

• Fake invoices

• Renewal alerts

• Urgent security messages

The links often lead to fake renewal pages that steal payment details or install malware. Attackers use cybersecurity brands because these alerts are more likely to be trusted and acted upon.

3. Disney Plus and Netflix Email Scams

Account verification scams designed to steal logins

Streaming service impersonation is on the rise. Which has reported a growing number of Disney Plus and Netflix emails claiming that your payment has failed or your account will be suspended unless you update your details.

The links lead to fake login pages where attackers collect passwords and card information. This is a risk for businesses as well as individuals because many people reuse passwords between personal and work accounts.

If in doubt, log in to the service directly rather than through the link.

4. Black Friday and Holiday Shopping Scams

With Black Friday and seasonal shopping in full swing, scammers are launching high volumes of fake retail sites that look professional and offer large discounts. AI tools now allow criminals to build these sites quickly and copy real branding closely.

Signs to look out for include:

• Prices far lower than genuine retailers

• No clear contact details or customer service information

• Websites that only accept bank transfer or unusual payment methods

• Brand names with misspellings or altered logos

• Poor returns or delivery information

These sites often take payment and never deliver goods or sell counterfeit items. Some may also contain malware that can compromise personal devices used for work.

The Guardian has shared a detailed article on this, read:
‘Black Fraud Day’: shoppers warned over Black Friday scams

5. Recruitment Text Messages and WhatsApp Scams

Which has reported a text message scam claiming to be from Goat Agency offering paid work, part time jobs or simple tasks for easy money. These messages often come through SMS or WhatsApp and appear personalised.

Variations of this scam are common and regularly switch between brand names. Another popular name often used are popular recruitment agencies such as Staffline.

Attackers often ask for bank details, personal information or upfront payments as part of a fake onboarding process.

If you receive an unexpected message offering work or financial reward, treat it as suspicious and the best way to check if it is a genuine job offer, you should contact the company directly via their suggested contact number or emails you find on their legitimate website.

Staying Informed

We will continue to monitor the latest threats and share the most important scams in our monthly Scam Watch so you and your team can stay ahead of new tactics.

If you would like to discuss your organisation’s cybersecurity or would benefit from advice on improving your protection, we are here to help.