The expert revealed the main schemes of scammers in 2026

In 2026, fraudsters are increasingly targeting not direct theft of money, but access to user accounts and personal data. On April 24, Izvestia was informed about this by the director of the communication policy of the financial marketplace "Choose.<url>" by Anna Romanenko.

"With increased control over banking operations, fraudsters have shifted their focus from direct theft of money to gaining control over the user's digital identity," she said.

According to the expert, if at the end of 2025 schemes with the promise of high-yield investments prevailed, then in the first quarter of 2026 attacks on accounts and more complex scenarios of social engineering showed the greatest growth. The share of such attacks increased from 10% to 16%. Most often, attackers try to gain access to accounts in Telegram, on "Public Services" and marketplaces.

The expert stressed that "chat relocation" schemes remain popular, when the user is asked to click on a link and enter a code, as well as attacks through fake banking applications and fake versions of messengers. In some cases, scammers use SMS codes to hijack marketplace accounts and make installment purchases.

The economics of leaks: how stolen personal data gets back into the hands of scammers

Why even outdated databases remain a dangerous commodity on the shadow market

She added that classical social engineering still accounts for more than a third of all cases, with its share rising to 38%. At the same time, the schemes have become more complicated: attackers are playing out whole scenarios involving "banks", "law enforcement agencies" and "revelations".

"Phishing turned out to be the next most popular: its share was 23%. At the same time, the schemes themselves have gone far beyond fake links to payment for goods or voting in contests: QR codes, fake chats and mailing lists imitating government notifications are actively used this year," Romanenko said.

The expert noted that holiday-related schemes remain popular: users are offered fake payments, delivery services, or "social bonuses." She stressed that fraud may partially shift offline in the near future. There are already cases where attackers force victims to transfer cash to couriers or transfer money through ATMs.

According to the expert, the main risk lies in the complex impact on a person when an attack begins online and ends offline.

On April 7, representatives of the Ministry of Internal Affairs of the Russian Federation said that fraudsters could distribute malicious software by disguising it as links to pop-up windows with supposedly useful content. At the same time, the "relevant" content is often videos in which citizens or their relatives are depicted under the guise of participants in an accident. Also, attackers often generate images of missing relatives of Russians in such banners.