The 91 patterns: what Q1 2026 phone scams actually look like

Voipy Shield runs a 91-pattern reference library — a curated catalog of every distinct phone-scam pattern we've encountered, advisory we've cross-referenced, and family-of-attacks we screen for in production. We grow it from FTC, FBI/IC3, FCC, HHS-OIG, BBB, SEC, and AARP advisories plus our own field telemetry.

This post is a field report on what Q1 2026 phone scams look like as of April 25, 2026. If you run an eldercare facility, a family caregiver shop, a financial-services compliance team, or a phone product that handles senior callers — this is the working list.

The big shift: AI is in the workflow now, not just the marketing

Every quarter from 2022 through 2024 we'd add 1-2 patterns and the bulk of the catalog stayed stable: IRS-arrest-warrant, Social Security suspension, Microsoft tech support, fake Medicare cards, Nigerian-prince-shaped wire-transfer asks. Static enough that you could train a senior on it once and they'd recognize most variants.

That isn't true anymore. Q4 2024 through Q1 2026 added the following AI-tooled patterns to the library:

• Voice-cloned grandchild emergencies. Attacker grabs 30 seconds of audio off TikTok or a public Instagram story, clones the voice with a free model, calls grandma claiming to be the grandson in jail / hospital / car-accident, asks for bail wired to a lawyer or bondsman. We wrote up our detection pipeline.
• Virtual kidnapping with cloned voices. The voice you hear screaming "Mom, help!" in the background is your kid's voice — except it isn't. Attacker pulls audio from social and runs an emotional-distress prompt through a voice clone while a co-conspirator demands ransom from the parent.
• SIM-swap-then-call sequence. The attacker SIM-swaps the victim's phone, then calls them from the carrier's actual number ("verify your account") because caller-ID truly does show the carrier. Spoofing isn't the trick anymore — actual control is.
• Phantom hacker (FBI 2024 advisory). Three-call sequence: fake tech-support, fake bank fraud-dept, fake government-agency. Each call hands the victim to the next "for verification". Six-figure losses common.
• AI-deepfake celebrity-endorsement investment scams (FTC 2025 + SEC 2024 + FBI IC3). Deepfake video of Musk, Buffett, Cuban, Bezos endorsing a "members-only AI trading fund". Initial $2k+ buy-in, then escalating "tax/withdrawal-fee" demands. We added this as scenario 91 last week.

The unifying pattern: AI dropped the cost of personalization to near-zero, so the attacker can now run a credible specific attack against your specific family member, your specific bank, your specific employer. The 2010-2020 scam was spray-and-pray. The 2026 scam is bespoke.

The new categories from FTC/FBI 2024-2025 advisories

We added seven patterns in late 2024 / early 2025 that had no obvious precedent in the 2020 catalog:

• QR-code callback scams (FTC 2024, "quishing"). Stickers placed over real QR codes on parking meters, USPS lockers, IRS notice mailers; victim scans, lands on a fake payment page that captures card + then drives a follow-up call to "verify".
• Wrong-number pig-butchering (FTC 2024, $3.9B reported losses). SMS arriving as "Hi Sarah, are we still on for tomorrow?" — friendly correction starts a multi-week conversation that funnels to crypto investment.
• Medicaid unwind / recertification scam (HHS-OIG 2024). Post-COVID Medicaid eligibility re-determinations created confusion the attackers harvested — fake "you've been disenrolled, pay this fee to keep coverage" calls.
• ISP impostor (FCC + FTC 2024, $42M reported). Comcast/Spectrum/Xfinity look-alike caller-IDs, "your account is past due, pay now or service cuts in 60 minutes".
• Discount-medical-plan as health insurance (FBI PSA 2024). Sells "$99/mo unlimited care" cards that aren't insurance — disclosed as such in the fine print, but pitched as insurance on the call.
• Airbnb host impostor (BBB + FTC 2024). Fake "host" reaches out before a real booking; "please pay outside the platform via Zelle for a discount". Real host has no idea.
• Chinese consulate impostor (FBI 2018, escalated 2022 + 2024). Mandarin-language calls to Chinese-American diaspora claiming consular legal action; targeted at seniors with limited English-language services. Estimated $100M+ losses.

The unchanged classics still hit hardest

Despite the new patterns, the 2026 dollar-loss leaderboard is still dominated by patterns that haven't structurally changed in a decade:

• IRS-arrest-warrant. Every Q1 like clockwork. Spanish-language variant ("orden de arresto del IRS") underreported.
• Social Security suspension. Most-blocked single pattern in our production data.
• Tech support / Microsoft / Apple. Pop-up driven on senior browsers. Has had AI-voice variants but the script is the same.
• Sweepstakes / Publishers Clearing House. "You've won, pay taxes upfront via gift card." Gift-card-payment is the universal red flag.
• Romance scams (now overlapping with pig-butchering). FTC 2024: $1.14B reported.

If the senior in your life only knows one thing, it should be this: no real government agency, no real utility, no real bank ever asks for payment in gift cards, wire transfer, cryptocurrency, or remote-desktop access. None. Ever. That single rule covers most of the dollar volume.

Spanish-speaking targets get specifically scammed

About 35% of our Spanish-language pattern entries are direct ports of English-language scams (IRS, SSA, Medicare). The remaining 65% target Spanish-speakers specifically: fake immigration-attorney "your case is in danger", fake remittance-service "we lost your transfer", fake LATAM consulate. We screen them all in Spanish — every refuse pattern in the library has both English and Spanish openings.

If the senior caller you're protecting prefers Spanish, the protection has to be Spanish-native. A US-tuned model that hands off to "press 2 for Spanish" is half-effective.

What defends

Three layers, ordered by effectiveness:

1. A trusted-caller list. Family registers their primary callers. Those numbers skip the screening unless the call pattern is anomalous (3 AM, unusual length, voice-authenticity mismatch). Cuts false-positives to near-zero.
2. A library-driven screening layer. Voipy Shield runs every inbound caller's first 10 seconds against the 91-pattern library. Pattern matches with high confidence go to a soft-block-with-staff-review path (not auto-disconnect — never auto-disconnect, that's how you block real grandsons).
3. A weekly digest to the family. Plaintext email listing what was blocked, categorized. Turns the product from "I forget I have it" to "I can show my sister what this saved us from this week".

If you run a senior-living facility, family caregiver service, or a financial-services compliance team and want this layer on your line: start a 14-day Shield trial. We don't charge until day 15. The full 91-pattern library is included on every plan.

What's next in the library

We expect to add ~15 patterns in 2026 H2 based on what's emerging in advisories already:

• State-specific tax-refund / DMV scams (rolling state-by-state as states stagger their refund cycles).
• Medicare Open Enrollment fraud (Q4 every year, but 2026 looks ugly with the AI-voice escalation).
• Generative-AI-tutor scams targeting parents of school-age kids.
• Crypto wallet-recovery service scams (FBI 2024 PSA: scams targeting prior scam victims).

If your team tracks any of these and wants to compare notes — reach out. We share the full library catalog with eldercare advocates and consumer-protection nonprofits at no cost.

— Anton