April Fools’ Is Over. These Scams Didn’t Get the Memo.

April 1st comes and goes. The fake announcements and gotcha pranks that had you second-guessing everything all day quietly disappear.

Scammers, though? They never clock out.

Spring is one of the busiest seasons for hackers, and it’s not because anyone on your team is careless. It’s because everyone is busy, a little distracted and moving fast. That’s exactly when the almost-believable stuff slips through: the kind of message that blends into a normal workday and doesn’t feel dangerous until it already is.

Here are three scams making the rounds right now. They’re not aimed at gullible people. They’re aimed at sharp, well-meaning employees who are just trying to get through their to-do list.

As you read, ask yourself one honest question: Would everyone on my team pause long enough to catch each of these?

Scam #1: The Toll Road (or Parking Fee) Text

An employee’s phone buzzes:

“You have an unpaid toll balance of $6.99. Pay within 12 hours to avoid late fees.”

It name-drops a real toll system, E-ZPass, SunPass, FasTrak, whichever one fits their state. The amount is small enough that no alarm bells ring. They’re walking into a meeting, so they tap the link, pay and move on.

Only the link was never real.

The FBI logged more than 60,000 complaints about fake toll texts in 2024 alone, and the volume shot up 900% in 2025. Researchers have traced over 60,000 fake domains built specifically to impersonate state toll systems. That’s a staggering amount of infrastructure, and it tells you exactly how profitable this scam has become. Some of these texts have even landed on phones in states that don’t have toll roads at all.

The reason it works is almost boring: $6 doesn’t feel risky, and just about everyone has hit a toll booth or parked downtown recently, so the message feels completely plausible.

The guardrail that helps: Real toll agencies don’t demand instant payment by text. Smart businesses make it a flat rule: no payments ever happen through a text-message link. If a message might be legit, employees go straight to the official website or app themselves. And they never reply, not even “STOP,” because any response just confirms the number is live and invites more.

Convenience is the bait. Process is the defense.

Scam #2: “Your File Is Ready”

This one slides right into everyday work.

An employee gets an email saying a document’s been shared with them. It’s usually something ordinary: a contract in DocuSign, a spreadsheet in OneDrive, a file in Google Drive.

The sender’s name looks right. The formatting looks exactly like every other file-share notification they’ve ever seen.

So they click. They’re asked to log in. They type in their work credentials.

And now someone else has those credentials, and if it was their work login, the attacker just walked into your company’s cloud.

This kind of attack has exploded. Phishing campaigns abusing trusted platforms like Google Drive, DocuSign, Microsoft and Salesforce jumped 67% in 2025, according to KnowBe4’s Threat Labs. Google Slides–based phishing links alone spiked more than 200% in a recent six-month stretch.

Here’s the part that should really get your attention: employees are seven times more likely to click a malicious link from OneDrive or SharePoint than from a random email, simply because the notification looks identical to the real deal.

The newer versions are even sneakier. Attackers create files inside already-compromised accounts and use the platform’s own sharing feature to send the alert. That means the email genuinely comes from Google’s or Microsoft’s real servers. Your spam filter waves it through because, technically, it is a legitimate notification.

The guardrail that helps: If a shared file shows up out of nowhere, employees are trained not to click the link in the email. Instead, they open a browser and log into the platform directly. If the file is real, it’ll be sitting right there. Businesses cut their risk further by restricting external file-sharing permissions and turning on alerts for unusual logins, two settings your IT team can flip on in about 15 minutes.

Boring habit. Seriously effective result.

Scam #3: The Email That’s Written Too Well

Remember when phishing emails were easy to spot? Broken grammar, weird formatting, obvious nonsense; we were all trained to catch it.

Those days are gone.

A 2025 academic study found that AI-generated phishing emails hit a 54% click rate, versus just 12% for the human-written kind. That’s more than four times as effective, and the reason is simple: these emails don’t read like scams anymore. They reference real company names, real job titles and real workflows, all scraped from LinkedIn and company websites in seconds.

The newest twist is targeting by department. Your HR and payroll folks get fake employee-verification requests. Your finance person gets a vendor payment redirect. In one recent test, 72% of employees engaged with a vendor-impersonation email, 90% higher than other phishing types. The messages stay calm, professional and urgent without being dramatic. They look like an ordinary Tuesday in the inbox.

The guardrail that helps: Any request touching credentials, payment changes or sensitive data gets verified through a second channel, a phone call, a chat message or a walk down the hall. Before clicking anything, employees hover over the sender’s address to check the real domain. And when a message tries to rush you, that urgency itself gets treated as the red flag.

Real security doesn’t need to panic you into clicking.

What This Really Comes Down To

Every one of these scams leans on the same things: familiarity, authority, timing and the quiet assumption that “this’ll only take a second.”

Which is why the real risk isn’t a careless employee. It’s a setup that assumes everyone will always slow down, double-check and make the perfect call under pressure.

If a single rushed click can derail your whole day, that’s not a people problem. It’s a process problem.

And process problems are fixable.

That’s Where We Come In

Most business owners don’t want to turn this into another project, or become the person in charge of teaching everyone what not to click.

They just want to know their business isn’t quietly exposed.

If you’re wondering what your team might be up against, or you know another owner who probably should be, we’re happy to talk it through.

Book a straightforward discovery call and we’ll walk through:

  • The kinds of risks businesses like yours are running into right now
  • Where trouble tends to sneak in during normal, everyday work
  • Practical ways to cut your exposure without slowing your people down

No pressure. No scare tactics. Just a chance to put your concerns on the table and talk through your options.