New research shows phishing and fraud are shifting away from obvious impersonation toward search results, paid ads, business workflows, and marketplaces
Bolster AI, a leading brand protection platform, revealed a fundamental shift in how phishing and online scams are created, distributed, and monetized in its 2026 Fraud Trends and Predictions report.
According to the report, today’s most effective scams are no longer isolated messages or one-off impersonations. Instead, attackers are building full fraud lifecycles that guide victims from discovery to conversion across multiple trusted systems.
“Attackers are designing scams that look and feel real from start to finish,” said Rod Schultz, CEO of Bolster AI. “They are abusing high trust, every day digital activities to scam people, including search results, paid ads, document approvals, and login prompts. Every step is intentional, and every step is optimized to get someone to act.”
From One-Off Scams to Repeatable Systems
Bolster’s research team tracked more than 11.9 million malicious domains in 2025 tied to phishing, fraud, and misinformation campaigns. The volume reflects how quickly attackers can now stand up, test, and rotate infrastructure once they identify a distribution model that works.
Advances in automation and generative AI have dramatically lowered the cost and time required to launch these operations. As a result, attackers are investing in channels traditionally associated with legitimate marketing, including SEO and paid advertising, because the payoff outweighs the cost.
The report highlights several areas where this shift is most visible:
- Search results are being used to capture users early in the decision process by publishing realistic informational pages that outrank official sources.
- Paid advertisements are increasingly used to intercept users at moments of intent, such as logging in, verifying accounts, or resolving issues.
- Business workflows, including document signing and approval requests, have become reliable entry points.
- Online marketplaces are being leveraged for rapid monetization, with counterfeit listings and digital goods scams benefiting from built-in trust signals like reviews and familiar checkout flows.
- Targeted sectors reflect where trust already exists at scale, including tech platforms, government services, and financial institutions.
“What we’re seeing is closer to a buyer’s journey than a traditional scam,” Schultz said. “Attackers are planning ahead, choosing channels deliberately, and reusing what converts.”
What This Means for 2026
The report concludes that scams in 2026 will continue to evolve as engineered systems rather than isolated attacks. Campaigns will be timed around predictable events, scaled quickly, and distributed through channels where legitimacy is assumed.
“Defending against this kind of fraud requires understanding how these operations are built,” Schultz said. “If security teams only look for suspicious messages reaching their customers at the end of the chain, they’re already too late.”