Norton’s Scam-Free Summer forecast

Road trips, live events, a packed calendar — summer seems to change how people move, spend, and make decisions. That may bring a welcome break from winter monotony, but these subtle changes in behavior create windows of opportunity for scammers.

At the same time, AI has made many categories of scam — from fake investment platforms to voice-cloned “emergency” vishing calls — significantly harder to detect, even for cautious, tech-savvy people.

To help anticipate this summer’s hottest scams, Norton’s Threat Labs team analyzed hundreds of millions of scams blocked across its global network during the summer months of 2024 and 2025. They determined which ones surged in June, July, and August and compiled our 2026 Scam-Free-Summer forecast.

Six scam types, shown in the chart below, show measurable spikes in the summer months. The remaining four scams in our forecast were selected based on emerging threat intelligence and summer trends. Read on to learn what they are, how they work, the numbers behind them, and how to avoid getting burned.

Ten summer scams to avoid in 2026

According to the threat researchers at Norton, six scam types demonstrated observable upticks in June, July, and August of 2024 and 2025, compared to the rest of the year. Imposter scams were up 144%, package delivery scams were up 89%, gambling scams were up 88%, financial scams were up 55%, tech support scams were up 30%, and lottery scams and sweepstake scams were up 22%.

Other scams may not see summer-specific surges, but they should still be on your radar as you pack your bags, fire up the grill, and mentally check out for the season.

1. Reservation Hijack scams

A Reservation Hijack scam is a highly targeted phishing attack where fraudsters use stolen booking data to impersonate hotels and steal payment information from travelers.

The numbers: Since late 2025, researchers at Gen (the company behind Norton) have identified roughly 350 distinct accommodations whose guest data has been compromised. Together, this represents around 38,000 rooms across hotels, hostels, B&Bs, and short-term rentals around the world.

How it works: You book the hotel. You forward the confirmation to the group chat. You start mentally packing. A few days later, a message lands via email, SMS, WhatsApp, or even the booking platform’s own messaging system. It uses your real name, your real dates, and your real reservation number. Then it says there’s an issue, like a payment problem or an extra verification step. You click and the page looks right, so you re-enter your card to “re-verify.” But the whole thing was a setup.

Avoid this scam:

• If you get a “re-verify” or “problem with your reservation” message, don’t automatically click the link, even if it looks real.
• If you think there could be an issue with your reservation, contact the accommodation directly using their official contact information.
• The real hotel is unlikely to ask you to re-enter your card details over text or WhatsApp; treat those requests with extreme caution.

2. AI romance scams

Avoiding romance scams in summer 2026 requires more than swiping left. The person you’ve been video chatting with and plan to meet up with while on your beach getaway? They might be AI scammers looking to build trust in order to gain access to your data and money.

The numbers: According to the Norton Insight Report on online dating and AI, of the 34% of online daters across the globe who have been targeted by a romance scam, 64% fell victim to one. And, according to reporting on FTC data by USA Today, romance scams cost U.S. victims over $1.16 billion in 2025. Cyber Safety products by Gen, including Norton, blocked 20 million dating scam attacks in Q1 2026 alone.

How it works: Scammers are using AI to generate believable profiles, hold convincing conversations, and even pass video chat verifications using deepfake tools. The old “send me a selfie holding today’s newspaper” check is officially dead. Some particularly damaging romance scam variants include:

• Pig butchering: A pig-butchering scam is a long-con relationship that usually pivots to a fake crypto “opportunity.”
• Deepfake romance: Months of “real” video chats with someone who doesn’t exist — all thanks to deepfake video technology.
• Sextortion: Fake intimate content used to manipulate you into sending real content or money.

Red flags of romance scams:

• They want to move off the dating app immediately.
• They bring up investments, crypto, or sports bets, or ask you to send them money or gift cards.
• You’ve never managed to meet up in person. Despite weeks of “almost,” something always comes up that prevents it from happening.
• Their photos look airbrushed to perfection.

3. Imposter scams

Imposter fraud spikes more than any other scam category in summer — up 144% compared to the rest of the year, according to Gen Threat Labs data. And thanks to AI voice cloning, scammers have yet another way to fool victims, meaning voice phishing just got more serious.

The numbers: Gen products, including Norton, blocked 113,026 imposter scam attacks during the 2024 and 2025 summer seasons — a 143.9% jump vs. the rest of the year. In the U.S. alone, Gen blocked 8,009 imposter scam attacks last summer, representing a 121.9% increase vs. the annual average. This data captures schemes such as family impersonation (the infamous “Hi Mom” text scam) and government impersonation (like IRS scam calls), among others.

How they work: It’s exactly the message you don’t want on vacation. A panicked voice, an urgent ask. Someone pretending to be a family member, a government agency, or a known contact needing you to send money immediately. And because scammers can now clone a familiar voice from just a few seconds of audio scraped off social media, calls from impersonators can be very convincing.

Avoid this scam:

• Set a safe word with your family and friend groups, so you can verify each other’s identity during emergencies.
• If a call or message sounds urgent and emotional, pause the exchange and reach out to the person in question through a trusted channel.
• Remember that government agencies like the IRS won’t call or text you. Their preferred outreach method is snail mail.

4. Package delivery scams

You’ve ordered a bathing suit, a new deck chair, five cute tops, a flamingo pool floatie, and some stickers for your laptop. You’re tracking multiple packages, running errands, and finishing work projects before heading out for vacation. Then you get a “sorry we missed you” text asking you to pay for redelivery. But if you follow through, you could be revealing your payment details to scammers.

The numbers: Package delivery scams jump nearly 90% in the summer compared to the rest of the year, perhaps because we’re preparing for adventures, ordering more stuff, or half-checking texts between happy hours. Gen blocked 43,326 package delivery scam attacks during summer seasons of 2024 and 2025.

How it works: This scam is simple. A scam text from the USPS, FedEx, UPS, or Amazon with a delivery status update leads you to a fake login page or a “delivery fee” payment form. You enter your credit card details, and the scammers keep them.

Avoid this scam:

• USPS, UPS, FedEx, and Amazon don’t text you to charge fees or request more information. Real delivery updates are ones you’ve opted into. If a text includes a link, don’t click it. Instead, check your package delivery updates by navigating to each site or app independently.
• If you’re expecting a package, check your tracking info via the original order email or in the carrier's app, never through a text link.
• A “$2.99 redelivery fee” is a major tell. Unless it’s an enormous shipment that requires an appointment, most services won’t charge you for missing a delivery.

5. Concert, festival, and sport ticket scams

Ticket scams are resale fraud schemes where scammers sell counterfeit, stolen, or non-existent tickets through social media, lookalike sites, and even hijacked accounts on official resale platforms. They feed on summer’s high demand for fun and fear of missing out.

The numbers: Last summer, the most impersonated artists in scams targeting music fans were Taylor Swift and Sabrina Carpenter — losses from scammers impersonating them were estimated at $5.3 billion combined in 2025, according to Billboard reporting. Scammers used convincing fake tickets, non-existent merch, and VIP experiences as the bait. A UK government study found that ticket fraud losses more than doubled in 2024, with British music fans losing over £1.6 million (around $2.1 million) to concert ticket scams — almost half of the reports were tied to social media offers.

Risk factors: You got locked out when tickets went on sale. Now the show is sold out, but you’re still determined to go. Here are three ways desperate fans get scammed:

• Buying on social media: Someone on Facebook Marketplace or Reddit is selling tickets at a discount. The post looks real, but after you Venmo the seller, you get a PDF that won’t scan at the gate. And if you fell for a Venmo scam, good luck getting your money back from the seller.
• Clicking an ad: A sponsored Google ad takes you to what looks like Ticketmaster, AXS, or the artist’s official site. You check out, hand over your credit card, but no ticket arrives. Unfortunately, there was never a real ticket, and the platform you landed on was spoofed: you just fell for a scam ad.
• Buying from an official resale site: To perpetuate StubHub or Ticketmaster scams, fraudsters can take over real accounts using breached credentials and resell legitimate or duplicated tickets.

Avoid these scams:

• Buy resale tickets from a verified primary seller like Ticketmaster, AXS, SeatGeek or StubHub. While those sites are still not 100% safe, they do offer some buyer protection. Social media marketplaces and sites like Craigslist don’t.
• Beware of sellers who push you off the original platform onto WhatsApp, Telegram, or text.
• Always pay with a credit card. Avoid paying with apps like Venmo, Zelle, CashApp, or Paypal — or via wire transfer or crypto — as buyer protection for those payment methods is less robust.
• Google and social media ads for ticket sites don’t always lead to legit platforms. When in doubt, go directly to the artist’s official website to find authorized ticket sellers.

6. Parking ticket text scams

Traffic ticket text scams are a smishing (SMS phishing) attack where fraudsters send text messages impersonating city parking authorities, the DMV, or toll agencies to trick you into paying fake fines and handing over your credit card details.

How it works: A text arrives, stating that you have an unpaid parking violation, an overdue toll, or a vehicle citation. There’s urgent language like “final notice” and a link to pay an amount like $8.99. Just small enough so you don’t think twice. Sometimes there’s an attachment that looks like a court summons. You land on a page that looks like a legit payment portal and enter your card. Often this small “test charge” hits your account before a much bigger one does. Some versions of this scam even drop malware on your phone when you click the link.

Avoid this scam:

• Unexpected payment demands via text should always be treated with suspicion.
• If you genuinely think you might owe a parking fine, go directly to the city or agency's official website by typing the URL yourself.
• Real parking tickets include specific details: your license plate, the exact location of the violation, a real citation number, and the issuing authority. Fake tickets usually reference a generic location chosen because it could apply to as many victims as possible. If the location doesn’t match where you actually were, it’s a scam.

7. Gambling scams

Gambling scams are fraudulent betting schemes that take your deposits, withhold your winnings, or impersonate legitimate sportsbooks to steal payment information. They surge almost 90% higher in summer compared to the rest of the year according to Gen Threat Labs’ research. And with the World Cup coming to North America in summer 2026, scammers have been prepping.

The numbers: Gen blocked 685,968 gambling scam attacks in the summers of 2024 and 2025, an 87.7% jump compared to the rest of the year. In the U.S., gambling scam attacks were up 338% last summer vs. the annual average. In the U.K. they were up 317%. Both markets show sharper spikes than the global average, consistent with high engagement in summer sports, including soccer tournaments.

How it works: Online gambling scams ramp up in summer alongside the sports calendar, and AI has made counterfeit sportsbooks, deepfake celebrity endorsements, and slick tipster accounts harder to spot than ever. Here’s what to watch for:

• Fake sportsbook lookalikes: These are malicious sites that mimic platforms like FanDuel, DraftKings, or BetMGM down to the pixel. They can be promoted through Google sponsored ads, social media, and AI-generated deepfake celebrity endorsements featuring athletes like Conor McGregor or Cristiano Ronaldo. You deposit, then the site disappears.
• “Scamdicappers”: Fraudulent social media tipsters charge $50 – $500 for “guaranteed” picks. The core trick of this scam is the double-sided pick: a tipster sells opposite outcomes to different customers, so some portion of paying customers always “wins.” Those winners get upsold on a “Diamond Tier” pick. The losers get ghosted.
• Withdrawal traps: The site takes your deposit, lets you “win,” then refuses to release the winnings until you pay a “10% tax,” “verification fee,” or an “International Gambling Levy.”
• Burner sites: Fraudsters vibecode fake sites using off-the-shelf scam templates or AI web builders, run them through the summer sports calendar, and shut them down before regulators or victims can catch up.

Avoid this scam:

• Verify that any sportsbook is licensed in your state before depositing. Check your state gaming commission’s site directly.
• Remember that if you have to pay to receive your winnings, it’s likely a scam.
• Celebrity endorsements in social media ads for “guaranteed wins” are not real endorsements. They’re likely AI deepfakes.
• A “tipster” charging for guaranteed picks is selling you a coin flip at a markup.
• Stick to apps you downloaded from the official App Store or Google Play, not links from ads or DMs.

8. Crypto and investment fraud scams

Crypto scams and investment fraud are long-con financial scams where fraudsters use fake trading platforms, “guaranteed return” pitches, and recovery schemes to steal money.

Why summer? It’s a seasonal peak for romance scams, which often feed directly into investment fraud schemes. Plus, first-time investors are flush with cash from tax refunds, bonuses, and summer or post-college jobs. And travel-mode distractions mean people make faster, less careful financial decisions than they would at home.

The numbers: The FBI has consistently identified investment fraud as the highest-loss scam category in the U.S., with losses exceeding $8.6 billion in 2025 according to its most recent IC3 report.

Gen products, including Norton, blocked 24.1 million financial scam attacks in the summer months of 2024 and 2025, a 55% increase compared to the rest of the year. In the U.S., Gen blocked 5,969,284 financial scam attacks in 2025 — a 157.4% increase vs. the rest of the year and well above the global average. The dominant subtype is cryptoscams, often involving fake coins, trading platforms, and investment programs that promise guaranteed profits, show fabricated charts, then block withdrawals or vanish.

How they work: Crypto and investment fraud take many forms. Here are three common subtypes to look out for heading into summer 2026:

• Fake crypto trading dashboards: You get invited to a private group, app, or platform by someone you’ve built a rapport with online — perhaps on a dating app or LinkedIn. You “deposit” a small amount of crypto, and the dashboard shows your “investment” growing. You withdraw a small amount and get it back. Then you go bigger, but when you try to withdraw, things go silent.
• “Guaranteed return” investment groups: Discord servers, Telegram channels, and Instagram DMs promise returns no legitimate investment can offer.
• Recovery scams: Scammers target people who have already been scammed, promising to recover their lost money — for a fee. Oftentimes, they’re the same people who scammed you the first time.

Keep in mind:

• No legitimate investment guarantees a return.
• A dashboard showing your money growing is not actually your money growing, it’s a webpage built to look like a legitimate dashboard.
• The stranger DM-ing you about a “no-risk opportunity” is not your friend.
• If someone offers to “recover” money you already lost to a scam, that’s a second scam. Only try to amend the situation through your bank, your card issuer, or law enforcement.

9. Tech support scams

Tech support scams are social engineering attacks where fraudsters impersonate tech companies, tricking victims into giving them remote computer access or transferring money to “protect” their accounts. The reasons they surge in summer may have to do with travel (unsecure airport or cafe Wi-Fi, unfamiliar devices) and people spending more time online.

The numbers: Gen blocked 7.8 million tech support scam attacks during 2024 and 2025 summer months, up 29.6% compared to the rest of the year. The majority of victims are over 60 years old, so if that’s not you, warn your parents, or they may call you to ask about their sudden computer pop-ups while you’re at the pool. In the U.S., tech support scam attacks rose 19.2% last summer vs. the annual average. In the U.K., the summer spike was even sharper, with tech support scams up 125.2%.

How it works: A browser pop-up claims your computer has a virus, and a phone number to “Microsoft Support” or “Apple Support” appears. You call. Then a “technician” coaxes you into downloading remote-access software. Once they’re in, they install real malware, charge hundreds of dollars for a fake “cleanup,” or convince you to transfer money to “protect” your bank account.

Avoid this scam:

• Microsoft, Apple, and companies like Norton are extremely unlikely to put their phone numbers in browser pop-ups.
• A legitimate antivirus alert won’t ask you to call a number. It will tell you what it blocked, give clear remediation steps if necessary, and let you get on with your day.
• If a pop-up locks your browser, force quit. Don’t call the number.
• Never give remote access to your computer to someone who called you or someone you called from a pop-up.

10. Lottery and sweepstakes scams

Lottery and sweepstakes scams are types of “unexpected money” fraud where scammers claim you’ve won a prize or earned a reward, then require you to pay a fee to claim it. But as much as we all want some extra “fun money” in the summer, there is no prize. The fee is the entire scam.

The numbers: Gen blocked 1.3 million unexpected money scam attacks in the 2024 and 2025 summer months, up 21.6% over the rest of the year. In the U.S., unexpected money scams were up 36.5% in summer vs. the annual average; in the U.K., they were up 48.7%.

How it works: An email, DM, or pop-up claims you’ve won a lottery, gift card giveaway, or sweepstakes, (often from real-sounding companies like Amazon, Walmart, or Target) that you don’t remember entering. To claim the prize, you have to pay a “processing fee,” “tax,” or “shipping cost.” After you pay, nothing arrives — or you get a fake check that bounces.

Avoid this scam:

• If you get an alert about a lottery you don’t remember entering, that’s a big red flag.
• Real sweepstakes prizes do not require upfront payment of any kind.
• That email from a Nigerian prince should still go straight to the trash.

Avoid summer scams this season

You shouldn't have to spend your summer dealing with the fallout from scams. For poolside peace of mind, get trusted Cyber Safety software to help warn you about potential scams, malicious websites, and other digital threats. And just in case, brush up on summer scam red flags in our 2026 Scam-Free Summer mini-forecast — and share it with your friends.