Russians have been warned about an increase in fraud under the guise of course managers

Fraudsters are increasingly posing as managers of educational programs and online courses. According to the results of the first quarter of 2026, the number of such incidents increased by 38% compared to the same period last year, and the total damage to citizens and companies increased by almost 52%. This was reported to Izvestia on March 13 by experts from the Informzashita company.

According to analysts, the share of such scenarios in the structure of social engineering has actually doubled over the past two years. If in 2024 they accounted for about 7% of attacks, then by the beginning of 2026 the figure exceeded 14%.

Experts note that the increase in such crimes occurs against the background of a general decrease in mass phishing mailings. Attackers are increasingly moving to more targeted attacks using personalized scenarios. As a rule, the potential victim leaves contact information on the educational platform, registers for a webinar, or downloads free material. After that, the scammer enters into a dialogue, posing as the course manager.

"Scammers copy the blogger's tone, use recordings of real webinars, and so on. In most cases, the victim's "processing" begins with a chat clone that duplicates the original content for several months, misleading the person. Only after that, a campaign begins, during which fraudsters are encouraged to participate in win—win lotteries, investments, short-term promotions, and more," said Pavel Kovalenko, director of the Informzashchita anti-fraud center.

Experts also record a change in the brands under which the attackers operate. Previously, scammers used the names of large online education platforms more often, but in late 2025 and early 2026 they began to disguise themselves more often as small author's courses, educational projects of bloggers and niche experts.

According to analysts, small educational projects often lack well-established information security processes and customer communication regulations. This makes it more difficult for users to distinguish fake messages from real ones.

The growth of such attacks is associated with several factors at once. Firstly, the online education market continues to expand, which increases the audience of potential victims. Secondly, there remains a shortage of information security specialists in small and medium-sized businesses, which, according to experts, reaches about 44%. In addition, attackers actively use automated tools to collect contacts and create plausible communication scenarios.

An additional risk factor has become the popularity of installments and student loans. In some cases, fraudsters convince victims not only to pay for the course, but also to apply for a loan, which significantly increases financial losses.

Experts believe that educational companies need to rethink their approaches to interacting with customers. Key measures include the use of official domains and verified accounts, a ban on accepting payments through employees' personal cards, the introduction of anti—fraud monitoring systems and regular searches for phishing copies of websites. Informing users about possible cheating schemes and responding promptly to complaints also plays an important role.

On March 4, the Roskachestvo Digital Expertise Center reported that fraudsters were using a scheme to replace contacts on their phones, sending messages with fake offers and attaching a file with an extension.vcf, which updates the contact in the phone book when opened. According to the press service, scammers send messages via messengers or by SMS, disguising them as notifications from banks, government agencies or open vacancies.

All important news is on the Izvestia channel in the MAX messenger.