Fraud trends in 2026 from simple attacks to complex schemes

Analysts from MegaFon, Pochta Mail, and Kaspersky Lab jointly analyzed data for the first quarter of 2026 and identified key trends in digital fraud. Attackers are actively adapting to user behavior, using both traditional scenarios and new approaches, spanning multiple communication channels—SMS and voice calls, email, and instant messaging.

According to MegaFon, cybercriminals are increasing their activity across all channels. In the first quarter of 2026, more than 107 million calls were blocked on suspicion of fraud—an 18% increase compared to the first quarter of 2025. SMS messages are showing similar trends: nearly half a billion messages were blocked on suspicion of fraud and spam, a 15% increase compared to last year. At the same time, the number of subscriber complaints about fraud has decreased, indicating that most threats were neutralized before users encountered them.

Attackers are increasingly combining channels: a phishing email leads to a fake website. After entering the user's credentials, the subscriber receives a call from a "specialist" offering to install "protection"—in reality, a malicious application. Attacks are becoming multi-channel, so protection is built at multiple levels: operator filters block dangerous traffic, antivirus software monitors malicious applications, and the email service monitors phishing emails.

"Phishing and scam messages are becoming the primary method for malware to penetrate phones. We recorded a surge in smartphone infections last year, and this trend is accelerating: in the first quarter of 2026, MegaFon identified 124% more infected devices compared to the same period last year , " said Sergey Khrenov, Director of MegaFon's Fraud and Revenue Loss Prevention Department.

In the first quarter of 2026, the number of blocked malicious emails from Mail decreased by 5.6% to 6.7 billion compared to 2025. Emails disguised as notifications from government services, threatening fines and reporting outstanding debts, are a trend. In March, delivery emails offering flowers or gifts in honor of gender recognition were particularly popular. These emails appear to be friendly greetings, but instead lead to resources where attackers obtain personal data and access users' finances.

Smart systems blocked 81.7 million unwanted emails daily, a 3.6% increase compared to the same period last year. Despite the increase in spam blocking, the overall share of such emails decreased by 34% compared to the first quarter of 2025.

"We're actively developing anti-spam technologies and further training our ML models: this allows us to effectively and promptly block threats. The AI ​​anonymously checks content for vulnerabilities and blocks them, separately marking messages from genuine senders with a green shield ," comments Dmitry Moryakov, head of the spam analysis team at Pochta Mail.

Pochta Mail analysts note that, in addition to "gift" and FTS spam, classic spam and phishing scams persist. Fake investments were the most popular in this category, accounting for 47%. Casino spam (gambling) and fake information products were also common, accounting for 31% and 22%, respectively.

Kaspersky Lab notes that in the first quarter, attackers continued to use the same scenarios from the previous year while simultaneously testing new approaches. Overall, a trend toward increasing attack sophistication is evident: multi-stage schemes involving sequential interactions with the victim and the use of various communication channels are increasingly being used.

"At the end of 2025, we detected a wave of targeted attacks on healthcare institutions in Russia: malicious emails were sent purporting to be from insurance companies and hospitals, and were linked, for example, to patient complaints under voluntary health insurance. By February 2026, similar approaches were being used against industrial enterprises: emails imitated notifications about alleged violations, and the archives, as before, concealed the BrockenDoor backdoor, allowing remote access to devices and data theft. Also in January 2026, a large-scale campaign by the Silver Fox group was detected: organizations received emails disguised as notifications from tax authorities. In just one month, over 1,600 such messages were detected; the attacks utilized previously unknown downloaders and the ABCDoor Python backdoor ," comments Andrey Kovtun, Head of Mail Threat Protection at Kaspersky Lab.

Arizona Grand Canyon National Park Colorado River News Weather Helicopter Tours

Yorumlar