April fools day is over. The scams are not.

April 1st comes and goes every year with jokes, fake announcements, and harmless pranks. For one day, everyone expects a little trickery.

But scammers don’t stop on April 2nd.

In fact, Spring is often one of the busiest seasons for cybercriminals. Not because businesses suddenly become careless, but because people are moving fast.

The scams working today don’t look dramatic or obvious. They’re designed to blend into a normal workday so they feel routine instead of risky.

Below are three scams that are working right now. Not on gullible people, but on smart employees who are simply trying to get their work done.

As you read through them, ask yourself one honest question: Would everyone on my team pause long enough to catch these scams?

Scam #1: The “Unpaid Toll” or Parking Fee Text

This one usually starts with a simple text message.

It might say something like: “You have an unpaid toll balance of $6.99. Pay within 12 hours to avoid late fees.”

The message often mentions a real toll system, like E-ZPass, SunPass, or FasTrak. The amount is small enough that it doesn’t trigger alarm. They click the link, pay the small fee, and move on with their day.

But the link wasn’t real.

Instead of paying a toll, they just handed their credit card information to a scammer.

This scam has exploded recently. The FBI received more than 60,000 complaints about fake toll text messages in 2024, and it increased 900% 2025. Security researchers have identified tens of thousands of fake websites built specifically to impersonate toll systems.

Some of these messages have even been sent to people who live in states without toll roads at all, like here in New Mexico.

The reason the scam works is simple: A $6.00 charge doesn’t feel risky. It feels like a minor inconvenience you just want to clear quickly.

The Guardrail that Helps:

Real toll agencies do not demand immediate payment through a text link.

Many businesses now teach employees a simple rule: No payments should ever be made through links sent in text messages.

If the message might be legitimate, employees should go directly to the official website or app and check there.

And one more tip: never reply to the text. Not even “STOP.” Responding confirms that the number is active and can lead to even more scam messages.

Convenience is the bait, but process is the defense.

Scam #2: “Your Document Is Ready”

Undoubtedly, this scam blends perfectly into everyday business activity.

An employee receives an email saying a file was shared with them. It might look like:

  • A DocuSign contract
  • A Google Drive document
  • A Microsoft OneDrive spreadsheet
  • A SharePoint file

The sender’s name looks right. The formatting looks right.

So, the employee clicks the link. The page asks them to log in to view the document. They enter their email and password.

And just like that, the attacker now has their login credentials.

If those credentials belong to their work account, the attacker may now have access to your company’s cloud systems, email, and internal files.

This type of phishing attack has grown rapidly. According to security research from KnowBe4, phishing campaigns that abuse trusted platforms like Google, Microsoft, DocuSign, and Salesforce increased 67% in 2025.

Employees are also seven times more likely to click links that appear to come from OneDrive or SharePoint than from random emails.

Why? Because they look legitimate.

In some cases, the emails really are sent from the actual platform’s servers. Attackers compromise a legitimate account and use the platform’s own file-sharing feature to send the notification.

Your spam filter may not flag it, because technically, the email itself is real.

The Guardrail that Helps:

If a shared file arrives unexpectedly, employees should not click the link in the email. Instead, they should open their browser and log directly into the platform. If the file was truly shared with them, it will appear in their account.

Businesses can also reduce risk by limiting external file-sharing permissions and enabling alerts for unusual login activity.

These are small settings changes that can significantly reduce risk.

Boring habits with effective results.

Scam #3: Phishing Emails That Sound Completely Normal

Not long ago, phishing emails were easy to spot. They often had broken grammar, strange formatting and obvious spelling errors.

But those days are over.

A 2025 academic study found that AI-generated phishing emails had a 54% click rate, compared to only 12% for human-written scams. That means they are more than four times as effective.

These emails don’t look suspicious. They reference real companies, real job titles, and real workflows.

Attackers can gather this information quickly from sources like:

  • LinkedIn
  • Company websites
  • Social media
  • Public business records

The newest trend is department-specific phishing.

For example, HR teams may receive messages asking to verify employee records. Finance staff might receive requests to update vendor payment details. Payroll employees may receive W-2 or direct-deposit change requests.

In a recent security test, 72% of employees interacted with a fake vendor payment email, which was significantly higher than other types of phishing messages.

The emails were calm, professional, and realistic. They didn’t create panic. They simply looked like a normal request on a normal Thursday.

The Guardrail That Helps:

Requests involving money, credentials, or sensitive data should always be verified through a second method such as a phone call, chat message, or just walking down the hall to ask the person directly.

If a message creates urgency, that urgency should be treated as a warning sign.

Real business communication rarely requires someone to act immediately without verification.

What This Really Comes Down To

Every one of these scams relies on the same factors:

  • Familiarity
  • Authority
  • Timing
  • The feeling that “this will only take a second”

The real risk isn’t careless employees. It’s systems that assume everyone will always slow down, double-check everything, and make the perfect decision under pressure.

But, that’s not realistic.

If a single rushed click could disrupt your business, that’s not a people problem.  It’s a process problem.

And process problems are fixable.

How We Help Albuquerque Businesses Reduce This Risk

Most business owners don’t want to become cybersecurity experts.

They don’t want to spend their time training employees on every new scam that appears.

What they really want is simple. They want to know their business isn’t quietly exposed.

At Haider Consulting, we help businesses in Central New Mexico identify where these risks exist and put practical protections in place so you don’t have to figure everything out on your own.

If you’d like a clearer picture of where your business stands, we’re happy to talk!

Schedule a quick discovery call where we’ll discuss:

  • The kinds of cyber risks businesses are facing right now
  • Where security gaps often appear in everyday operations
  • Practical ways to reduce risk without slowing down your team

No pressure. No scare tactics. Just a conversation.

👉 Schedule your FREE Discovery Call below or give us a call at 505-821-6070

Book My 17-Minute Call

Sometimes, simply knowing what to look for is enough to turn a moment of “I might have clicked that” into “Nice try.”

Download your free guide:

7 Steps for Better Cyber Security in Your Business

Cybercrime is at an all-time high, and hackers have set their sights on small and medium sized businesses. Don’t be their next victim!

Our 7 Steps will get you started in protecting the business you’ve worked so hard to build.

Fill out the form to get the guide now!