Phishing and online fraud are increasingly shifting away from obvious brand impersonation towards search results, paid advertising, business workflows and online marketplaces, according to new research from Bolster AI.

Its 2026 Fraud Trends and Predictions report found that today’s most effective scams are no longer isolated emails or one-off impersonation attempts, but are instead engineered as end-to-end fraud journeys designed to guide victims from discovery through to conversion across multiple trusted digital environments.

The findings suggest attackers are deliberately exploiting high-trust digital touchpoints that consumers and businesses interact with every day, mirroring legitimate online customer journeys rather than relying on crude deception.

“Attackers are designing scams that look and feel real from start to finish,” said Rod Schultz, CEO of Bolster AI. “They are abusing high trust, every day digital activities to scam people, including search results, paid ads, document approvals, and login prompts. Every step is intentional, and every step is optimized to get someone to act.”

Bolster’s research team tracked more than 11.9 million malicious domains in 2025 linked to phishing, fraud and misinformation campaigns, underlining how quickly attackers can now stand up, test and rotate infrastructure once an effective distribution model has been identified.

Advances in automation and generative AI have dramatically reduced the cost and time required to launch these operations, allowing cybercriminals to scale activity in much the same way as legitimate digital marketing teams. As a result, attackers are increasingly investing in channels such as search engine optimisation and paid advertising, calculating that the potential financial returns outweigh the upfront costs.

The report highlights how search results are being used to capture users early in the decision-making process, with realistic informational pages designed to outrank official brand or platform sources. Paid advertisements are increasingly deployed at moments of high intent, such as logging in, verifying accounts or attempting to resolve customer service issues, while business workflows including document signing and approval requests have emerged as reliable entry points for fraud.

Online marketplaces are also playing a growing role in rapid monetisation, with counterfeit listings and digital goods scams benefiting from built-in trust signals such as reviews, familiar branding and established checkout journeys. Targeted sectors tend to reflect environments where trust already exists at scale, including technology platforms, government services and financial institutions.

“What we’re seeing is closer to a buyer’s journey than a traditional scam,” Schultz said. “Attackers are planning ahead, choosing channels deliberately, and reusing what converts.”

Fraud in 2026 is likely to continue evolving as a set of engineered systems rather than isolated attacks, with campaigns timed around predictable consumer and business events, scaled rapidly and distributed through channels where legitimacy is largely assumed, explained Schultz.

“Defending against this kind of fraud requires understanding how these operations are built. If security teams only look for suspicious messages reaching their customers at the end of the chain, they’re already too late,” Schultz added.