Digital scams have moved beyond isolated attacks to become an organized, multi-channel criminal industry that’s increasingly difficult to detect. This is the finding in Bitdefender’s Global Scam Intelligence Report 2026, a report that analyzes over 12 months the evolution of online frauds, suspicious messages, unwanted calls, malicious ads, fraudulent links, and campaigns across various platforms.
The most striking data appears at the start of the report: in 2025, scams are estimated to have caused around $424.2 billion in losses for consumers, marking this phenomenon as a global economic threat, not just a cybersecurity technical issue. Bitdefender also cites its own global survey of 7,000 consumers, where 1 in 7 people, 14%, claim to have been victims of a scam in the past year.
Youthfall easier, and scammers follow their victims
One of the most notable conclusions is that young consumers are much more vulnerable than commonly thought. According to Bitdefender, younger users are twice as likely to fall for a scam compared to those over 55. The victimization rate among younger generations is 20%, versus 9.7% among older users.
This isn’t necessarily due to less digital literacy but rather exposure. Scammers have shifted toward environments where young users spend most of their time: social media, messaging platforms, video games, ads embedded in content, and digital communities. In these spaces, fraud doesn’t always come as a suspicious email but as a job offer, promotion, quick investment, fake store, WhatsApp message, or seemingly legitimate ad.
The report also indicates that traditional channels still work. SMS, despite being an older technology, continues to be a mass fraud vector. Bitdefender detected that 5.2% of analyzed SMS messages, about 1 in 20, showed signs compatible with scam infrastructure or coordinated fraudulent activity. For a channel many users still associate with banks, delivery companies, or government agencies, this is particularly concerning.
| Report Indicator | Key Data |
|---|---|
| Surveyed consumers | 7,000 |
| Users reporting scam experience in the last year | 14% |
| Victimization rate among young users | 20% |
| Victimization rate among users over 55 | 9.7% |
| SMS with signs of fraud | 5.2% |
| Calls analyzed | About 150 million |
| Unwanted or fraudulent calls | Over 23 million |
| Unique numbers processed | Over 52 million |
| Numbers marked as unwanted | Over 500,000 |
| Fraudulent WhatsApp conversations with Business accounts | Over 60% |
Finance, phishing, and fake investments dominate fraud
Financial scams are the most common thread across nearly all analyzed channels. Investment frauds, banking phishing, and cryptocurrency-related scams appear in SMS, calls, social media ads, WhatsApp, and email. The form varies depending on the platform, but the goal remains the same: pressure the victim into making a quick financial decision before suspicion grows.
In global category analysis, Bitdefender identifies phishing as the main threat across all studied regions. The report’s overall charts also show investment scams, fake stores, fraudulent job offers, and social media scams. Distribution varies by country, but the pattern repeats: criminals adapt their messages to local contexts without significantly changing their operational structure.
Fake stores and fraudulent ads are prominent. The rise of online shopping and targeted advertising enable scammers to create seemingly legitimate storefronts, target specific audiences, and shut them down before accumulating too many complaints. Users don’t always arrive via suspicious links but through advertising campaigns mimicking real brands.
Work scams are also gaining ground. In a climate of economic uncertainty, remote work, and seeking additional income, criminals exploit fake job offers, fake recruitment processes, paid tasks, or simple gigs with unrealistic promises. Trust is built through repeated messages, personal conversations, and sometimes business accounts or profiles that appear legitimate.
WhatsApp and calls: trust becomes an attack vector
The report dedicates particular attention to WhatsApp. Bitdefender detected over 310,000 risky conversations in India during the analyzed period, illustrating how encrypted messaging platforms have become fertile ground for scams. The issue isn’t just volume but the trust in these channels: when a message reaches a private chat, the user’s psychological barrier lowers.
A particularly relevant point is that over 60% of the analyzed fraudulent conversations globally originated from WhatsApp Business accounts. This doesn’t mean the platform is inherently fraudulent but that scammers leverage visual cues of trust, automation, and commercial appearance to reduce victims’ suspicion.
Voice calls remain another profitable channel. Bitdefender analyzed nearly 150 million inbound calls during the reporting period. Over 23 million were classified as unwanted, fraudulent, or unsolicited, approximately 1 in 6 calls on protected devices. The system processed more than 52 million unique numbers and marked over half a million as unwanted.
The report also highlights an interesting detail: call duration can reveal much about the intent. In honeypot data from the US, malicious calls average around 7 minutes and 36 seconds, while “gray” calls average about 2 minutes. More sophisticated scams require conversation, persuasion, and time to build urgency or trust.
Fraud evolves with the calendar and each country
Another key insight is that scams don’t distribute evenly. They vary by region, season, and channel. In SMS, for instance, Bitdefender identifies finance as the dominant category in many months, with entertainment as the second-largest group and spikes tied to specific campaigns. In the US, nearly 4.5% of received short messages contained some form of risk, according to the report.
In the UK, the landscape appears more balanced, with finance, entertainment, and deliveries as major categories. In France and Germany, the report describes strong risk concentrations in the first quarter, followed by declines and reactivations in the fourth quarter. In Romania, the pattern is more fragmented, with more emphasis on prizes and deliveries during different times of the year.
This adaptability shows that criminal groups operate with campaign logic. They change topics, brands, seasons, and messages but maintain a shared infrastructure: links, fake pages, phone numbers, business profiles, ads, bots, automated messages, and call centers. This isn’t improvisation but an optimized operation.
Bitdefender also emphasizes that web threats remain the primary global delivery channel. Between January and December 2025, its systems analyzed 2.8 trillion URLs across browsers, email clients, and messaging apps. This telemetry allows real-time observation of phishing, fake pages, redirects, and malicious links, not just after reports are filed.
How to protect yourself: less haste, more verification
The report offers a practical lesson: modern scams don’t rely solely on malware or malicious links. They exploit human emotions such as urgency, fear, opportunity, greed, trust in a brand, or pressure to respond quickly. Therefore, defenses can’t depend only on antivirus software or filters, though these are still important tools.
Users should distrust messages asking for immediate action, always verify banking or delivery links through official channels, avoid making payments or investments via ads or private messages, and never share verification codes over the phone or messaging apps. It’s also wise to check if a business account on WhatsApp or social media genuinely belongs to the claimed company.
For companies, the conclusion is broader. Protection against scams can’t be limited to corporate email alone. It’s necessary to monitor for brand abuse, fraudulent ads, cloned domains, social media campaigns, SMS, calls, messaging, and customer service channels. Fraud moves where victims are, and today, victims are everywhere at once.
Online scams have matured into a significant criminal enterprise. They feature segmentation, campaigns, automation, A/B testing, shared infrastructure, and local adaptation. In response, actions must be equally coordinated: leveraging technology, education, early detection, platform collaboration, and fostering a less trusting digital culture toward messages that promise too much or demand haste.
Frequently Asked Questions
How many people fall for online scams?
According to Bitdefender’s global survey of 7,000 consumers, 1 in 7 people, 14%, claims to have been a scam victim in the past year.
Which channel is most dangerous for scams?
There isn’t a single channel. The report highlights risks via web, SMS, phone calls, WhatsApp, social media ads, and email. Financial fraud appears constantly across nearly all of them.
Why are young people more vulnerable to scams?
Bitdefender notes that young consumers have a victimization rate of 20%, compared to 9.7% for those over 55. Scammers have shifted to social media, messaging apps, gaming, and platforms where young users spend more time.
How can I detect an online scam?
Be suspicious of urgent messages, offers that are too good to be true, shortened links, requests for codes, promises of investments from strangers, and communications demanding quick payments. Always verify through the official website or app of the service.