Russians were told about new trends in the field of digital fraud / Society news of Krasnoyarsk and the Krasnoyarsk Territory / Newslab.Ru

Analysts from MegaFon, Mail and Kaspersky Lab jointly studied data for the first quarter of 2026 and identified key trends in the field of digital fraud.

Attackers actively adapt to user behavior, using both traditional scenarios and new approaches, covering several communication channels at once – SMS and voice calls, email and instant messengers.

According to MegaFon, cyber fraudsters are increasing their activity in all channels. In the first quarter of 2026, more than 107 million calls were blocked due to suspected fraud – 18% more than in the first quarter of 2025. SMS shows similar dynamics: almost half a billion messages were blocked on suspicion of fraud and spam, which is 15% higher than last year.

At the same time, the number of subscriber complaints about fraud has decreased, which means that most of the threats were neutralized even before users encountered them.

Attackers are increasingly combining channels: a phishing email leads to a fake website; after entering data, the subscriber receives a call from a “specialist” who offers to install “protection” – in fact, this is a malicious application. Attacks are becoming multi-channel, so protection is built at different levels: operator filters block dangerous traffic, antivirus monitors malicious applications, and the mail service monitors phishing emails.

“Phishing and fraudulent messages are becoming the main way malware gets into phones. We recorded a surge in smartphone infections last year, and this trend is intensifying: in the first quarter of 2026, MegaFon identified 124% more infected devices compared to the same period last year,” said Sergei Khrenov, director of the department for preventing fraud and loss of income at MegaFon.

In the first quarter of 2026, the number of blocked malicious emails from Mail decreased by 5.6% to 6.7 billion compared to 2025. The trend is for letters disguised as notifications from government services, threatening fines and reporting debts. In March, delivery letters with an offer to accept flowers or a gift in honor of the gender holiday were especially popular. These letters look like friendly congratulations, but lead to resources where attackers obtain personal data and access to users’ finances.

Systems blocked 81.7 million unwanted emails daily, which is 3.6% more than in the same period last year. Despite the increase in the number of spam blocks, the overall share of such emails decreased by 34% compared to the first quarter of 2025.

Mail Mail analysts note that in addition to “gift” and Federal Tax Service spam, classic spam and phishing formats remain. The most popular in this category were fake investments – their share was 47%. Casino spam (gambling) and fake information products are common – they account for 31% and 22%, respectively.

Kaspersky Lab notes that in the first quarter, attackers continued to use scenarios from the previous year, while simultaneously testing new approaches. In general, there is a noticeable trend towards more complex attacks: multi-stage schemes with sequential interaction with the victim and the use of various communication channels are increasingly being used.

“At the end of 2025, we recorded a wave of targeted attacks on medical institutions in Russia: malicious emails were sent on behalf of insurance companies and hospitals and were associated, for example, with patient complaints under VHI. Already in February 2026, similar approaches began to be used against industrial enterprises: letters imitated notifications of allegedly detected violations, and inside the archives, as before, the BrockenDoor backdoor was hidden, allowing remote access to devices and theft of data. Also in January 2026, a large-scale campaign by the Silver Fox group was recorded: organizations received letters under the guise of notifications from tax authorities. In just one month, more than 1,600 such messages were discovered; the attacks used previously unknown downloaders and the ABCDoor Python backdoor,” comments Andrey Kovtun, head of the email threat protection group at Kaspersky Lab.