Expert Forecast: Cyber Scammers to Target Businesses in 2026

In 2025, Novosibirsk residents received more suspicious calls, and deception schemes became more complex, increasingly extending beyond ordinary phone conversations. The past year has shown that cyber threats are evolving faster than user habits, and experts now speak of threats not only to ordinary people but also to companies. According to them, it will only get worse. Cybersecurity analysts have summarized the year«s results and provided forecasts on what Novosibirsk residents can expect from phone scammers in the future. Details are in the NGS report.

The Call — The Start of the Scheme

Cybersecurity analysts note that in 2025, cyber threats ceased to be an abstract problem «somewhere on the internet.» Phone fraud, phishing, and malware have become part of everyday reality for residents of the Novosibirsk Region. At the same time, deception schemes are becoming more complex and personalized, and criminals are increasingly combining different channels of influence: from calls to messengers and fake documents.

Thus, according to the Kaspersky Who Calls service, over 11 months in 2025, from 89 to 95% of users in the Novosibirsk Region regularly received unwanted calls. This means that practically every smartphone owner encountered suspicious calls to some extent.

Analysts are particularly alarmed by the increase in the share of calls with signs of fraud. If at the beginning of the year it was 22–25%, by July-August it reached peak values — 39–43%. In autumn, the indicator decreased, but even in November it remained at a fairly high level: about 32%.

«Modern scammers are increasingly less likely to limit themselves to one phone conversation. More and more often, the call becomes just a starting point. They may frighten, interest, or mislead a person, and then move the communication to messengers. There, scammers already use phishing links, malicious applications, fake documents, and even deepfakes,» notes Oksana Artemyeva, regional representative of Kaspersky Lab in the Siberian and Far Eastern Federal Districts.

This approach, the speaker explains, makes the schemes more plausible. In messengers, criminals can send «official» letters, screenshots, audio and video messages that look convincing and reduce the critical perception of information by an unprepared victim.

According to experts from Kaspersky Lab, almost 30% of users in the Novosibirsk Region in 2025 encountered web attacks when visiting dangerous sites. This refers to resources that can automatically download malicious code or redirect to phishing pages.

About 36% of users encountered malicious software on their devices. Viruses often masquerade as ordinary files, programs, or installers, and sometimes spread via removable media — flash drives and external disks.

At the same time, among the most common schemes of 2025, experts from Kaspersky Lab highlight phishing (a type of internet fraud where criminals attempt to lure out users« confidential data — logins, passwords, bank card numbers, and other personal information. — Ed.) and scams (when scammers seek to profit from the victim»s trust or lack of awareness. — Ed.).

Scammers hunt for Novosibirsk residents« logins, passwords, and payment information, including accounts in Telegram and other popular messengers. Losing such an account can lead to new attacks, but now on the victim»s friends, colleagues, and relatives.

Scenarios with «easy money» also remain popular. Fraudsters promise users quick earnings from investments, participation in lotteries, or guaranteed income without effort. At a certain stage, the person is convinced to transfer money, after which contact with the «consultants» abruptly cuts off.

Criminals pay separate attention to smartphones. Although Windows devices remain the primary target, interest in mobile platforms is also growing. In 2025, among the most notable threats for Android, experts name Mamont, SpyNote, as well as modified versions of NFCGate and Triada.

Threats to Companies

Not only ordinary citizens but also businesses remain under threat from cyber threats. Attempts at web hacking were recorded, according to Kaspersky Lab, in about every sixth company in the region, and local threats — in almost every fifth. This indicates that criminals are actively seeking vulnerabilities not only in users« personal devices but also in corporate infrastructure.

According to analysts from Positive Technologies, 2025 was a serious test for the cybersecurity of large organizations worldwide. Companies increasingly perceive attacks not as technical failures but as strategic risks that can affect finances, reputation, and business resilience.

Particular danger is posed by the so-called domino effect, when an attack on one large company can lead to disruptions for its partners and suppliers, affecting entire industries. As a result, even organizations that were not directly hacked may face downtime and financial losses. Against the backdrop of growing threats, regulation of the digital environment is intensifying, as well as company executives« attention to protection issues.

«Boards of directors are increasingly discussing cyber risks on par with financial ones, and top managers are undergoing training on information security issues. Simultaneously, in attacks, criminals are increasingly using artificial intelligence. They use AI to create more convincing messages, personalized scenarios, and even malicious software. At the same time, protection specialists use the same technologies to analyze threats and respond more quickly,» explain the press service of Positive Technologies.

In 2025, according to experts, attention to the financial responsibility of cybersecurity solution suppliers has increased. Some vendors (companies that manufacture or supply goods, services, or software to other companies or end consumers. — Ed.) began offering clients guarantees and insurance coverage for cases of hacking, compensating for losses if their products do not stop attacks. This approach is becoming a competitive advantage, as customers want to see real protection backed by obligations.

What Else to Expect?

Cybersecurity experts agree that in 2026 there will be even more threats from criminals towards ordinary users. Scammers will more often use data leaks, AI-based tools, and deepfakes, and the boundary between social deception and technical hacking will continue to blur.

«An increase in attacks via messengers and mobile devices is likely, and the boundary between social and technical methods of deception will become even less noticeable. In these conditions, protection increasingly starts with simple rules. It is necessary to be attentive to any calls and messages, verify information through alternative channels, not follow suspicious links, and not install files from unknown sources. Complex unique passwords, two-factor authentication, and regular software updates play an important role in security,» warns Oksana Artemyeva.

The number of successful attacks, according to forecasts by Positive Technologies analysts, may increase by 30–35%, and the fraudsters« targets will remain the same — government institutions, industry, and critical infrastructure. The speakers also predict a rise in complex, multi-stage attacks that lead to data leaks and disruption of business processes.

«In such conditions, cybersecurity is transforming from a narrow technical topic into a critical part of business management, the economy, and society. Companies must not only strengthen protection but also implement practices for assessing resilience to attacks, consider potential damage in strategic planning, and countries — balance between security and citizens» digital rights,« concluded the press service of Positive Technologies.

Scammers regularly come up with new and new schemes to deceive citizens. Recently, a fraudster«s accomplice took 23 million rubles (about $255,600 at current rates) from a schoolgirl. He was found in Novosibirsk. The suspect explained that he wanted to earn some extra money.

And a resident of Akademgorodok (a scientific district in Novosibirsk) was attempted to be scammed by fraudsters. An 84-year-old Siberian woman was called by alleged representatives of an organization that changes intercoms and asked to name a code that came to her phone, and then convinced her to go to the bank and withdraw money. The elderly woman was met there by police officers.