by
Guest Contributor
July 1, 2025
Phishing and impersonation scams are everywhere and they're costing us more than ever. In 2024 alone, the FBI logged over 800,000 cybercrime complaints in the U.S., with phishing topping the list and losses skyrocketing into the billions. These scams aren’t clumsy or obvious anymore; they’re polished, professional, and often look like they’re coming from someone you trust: your boss, your bank, even your government.
It started with a simple email from my boss — or so I thought. All she asked was for me to a) acknowledge whether I received her email and b) to reconfirm my phone number since she wanted me to “look out” for her message shortly afterwards (red flag #1).
As a new hire at a tech startup, I was eager to make a good impression. So when the founder reached out to me personally via text (red flag #2) asking for help with a “surprise” for the team, I didn’t hesitate. She wanted to reward employees with gift cards and asked if I could pick them up and send photos of the cards and receipts (red flag #3).
One trip turned into two, two became three (red flag #4) and five cards became ten, then twenty (red flag #5). With every batch, I was reassured that I would be reimbursed the following day and I had no reason to doubt “my boss’s” honesty. But after eight hours of running around in my gymwear, unshowered and with no food, I was getting physically and mentally exhausted.
It wasn’t until I overheard a customer at a retail store hollering at the manager about “another gift card scam” that my stomach dropped in shame. Upon contacting my actual boss via the company’s official communication channel, my fear was confirmed. I had fallen for a scam, lost over $5,000 and hours of my time. As I would later learn, I wasn’t and am not the only victim in this vast, organized scheme of impersonation scams.
These scams may vary in appearance but they all follow a common pattern: impersonate a trusted source, extract sensitive information, and cause a degree of damage (financial, reputational, and/or physical). This pattern of attack is known as phishing, which is the most common type of cyber crime.
However, phishing is more nuanced than it seems. Scammers tailor their tactics to different platforms, targets, and situations.
This post kicks off a blog series about what it really feels like to be scammed because whether or not you admit it to yourself right now, money and/or sensitive information is probably not the only thing you lost. It probably isn’t the only thing troubling you right now. It just feels that way, because it’s the only part anyone else can see. What stays hidden and often hurts longer is the shame, the obsessive detective work, and the slow, quiet process of learning how to trust others and yourself again.
While there are plenty of guides on how to avoid phishing, it is important to realize that prevention in itself is insufficient to recover from a scam. Because once the scam succeeds, you’re not just recovering lost money or data; you’re trying to recover a sense of safety, clarity, and trust. That’s a process too and it deserves just as much attention. Thus, in the posts that follow, I’ll walk you through the full arc of that experience:
Though this series may feel personal — and it is — the impact of scams like this is systemic and merits awareness. Granted, awareness alone won’t undo what happened. But it is the first step toward shifting responsibility off victims, demanding more accountability from the systems we rely on, and creating a culture that meets victims with empathy instead of judgment. Because the more we speak up, the less alone any of us are and the harder it becomes for scammers to thrive in our silence.