Introduction

Cybercriminals are not slowing down. In fact, scams are becoming more targeted, more believable, and more dangerous than ever before. With the rise of AI, compromised business systems, and abuse of trusted platforms, many scams now look almost impossible to spot at first glance.

At ITFixio, we believe that knowledge is your first line of defence. Below, we break down the most important scams emerging in 2026, explain how they work, and outline what you and your business should do to stay protected.

Highly Targeted Phishing Scams Are on the Rise

Gone are the days of poorly written “Nigerian prince” emails. Today’s phishing attacks are tailored to your role, industry, and habits.

Common examples:

• Fake emails posing as mobile providers (e.g. claiming reward points are expiring)
• Emails targeting lawyers, directors, hotel staff, or finance teams
• Messages pretending to come from professional bodies or industry regulators

These emails often include:

• Password-protected ZIP files
• Fake Dropbox, OneDrive, or Google Drive links
• Attachments claiming to be urgent documents

Red Flag: Password-protected ZIP files are almost always malicious.

How to protect yourself:

• Never open unexpected attachments, even if they appear relevant to your role
• Verify urgent requests using a separate communication channel
• Use email security filtering and endpoint protection

“ClickFix” Scams – A Dangerous New Technique

A growing number of scams now pretend there is something “wrong” with your browser or device. Victims are instructed to.

Key tools to optimise:

• Click a button
• Copy and paste a command
• Run something in the Windows “Run” box

In reality, these actions install malware.

Rule to remember: No legitimate website will ever ask you to run commands on your computer.

Calendar Invite & Trusted Platform Scams

Scammers are increasingly abusing trusted services to bypass spam filters.

Examples include:

• Fake calendar invites containing malicious links
• Scam messages delivered via legitimate Google or Microsoft notifications
• Fake file-sharing alerts

Because these notifications come from trusted platforms, users are more likely to click.

Best practice:

• Treat unexpected calendar invites the same way you would suspicious emails
• Do not click links unless you were expecting the invite

The Brushing Scam – With a Phishing Twist

Some people receive unexpected packages they never ordered. This is known as a “brushing” scam, originally used to post fake online reviews.

What’s new?

• Packages now include QR codes asking you to scan to “see who sent the gift”
• Scanning leads to phishing sites pretending to be Amazon or retailers

Rule to remember: Scanning a QR code won’t hack your phone, but entering your login details will.

Hotel Booking & “I Paid Twice” Scams

This is one of the most concerning scams for businesses and travellers alike.

How it works:

• Scammers compromise hotel systems via phishing or malware
• They access real guest booking details
• Guests receive highly convincing emails asking for payment again

Because scammers have:

• Real booking references
• Correct dates
• Genuine hotel names

Victims often don’t realise it’s a scam until it’s too late.

Advice:

• Hotels must secure internal systems and staff training
• Guests should only make payments via official hotel websites or by calling the hotel directly

Tap-to-Pay Scams Explained (And What’s a Myth)

Contactless payments are generally very secure, but criminals have found ways to exploit human behaviour.

Known techniques:

• Ghost tapping: Attempting to charge cards through pockets or wallets
• Forced swipe scams: Disabling tap-to-pay so victims use insecure magnetic strips
• NFC sticker scams: Stickers that trigger phishing websites when phones are tapped

Important myth-buster: A sticker cannot steal your payment details directly. The danger comes from phishing websites

Protection tips:

• Use RFID-blocking wallets
• Be cautious if tap-to-pay suddenly “doesn’t work”
• Never follow payment instructions that redirect you to a website unexpectedly

Counterfeit Postage Stamp Scams

Scammers are selling fake postage stamps at large discounts via social media and marketplaces.

Key fact: Postage stamps are never discounted in any meaningful way. Using counterfeit stamps can result in:

• Rejected mail
• Fines or penalties

Deepfake AI Scams Are Exploding

AI is now being used to:

• Create fake videos of real people
• Clone voices
• Generate realistic images for scams

These have been used for:

• Fake investment promotions
• Fake hacking services
• Kidnapping extortion scams involving family members or pets

A video or image is no longer proof of authenticity.

Emotionally Manipulative Scams

Scammers increasingly exploit stress and fear, including:

• Fake police donation or charity calls
• Lost pet scams with AI-generated images
• Fake bail or ankle monitor fees targeting families of real detainee

Golden rule: Legitimate organisations do not demand payment via phone, text, or email under pressure.

“Pig Butchering” – The Most Destructive Scam

This long-term scam.

• Starts with a friendly text or dating app message
• Builds trust over weeks or months
• Leads victims into fake crypto investment platforms

Victims often lose their entire life savings.

If someone:

• Claims guaranteed profits
• Encourages you to use a specific unknown investment site
• Slowly builds a personal relationship before talking about money

…it is almost certainly a scam.

Advice:

• Hotels must secure internal systems and staff training
• Guests should only make payments via official hotel websites or by calling the hotel directly

Practical Security Tips You Should Implement Today

✔ Silence calls from unknown numbers
✔ Enable enhanced browser security settings
✔ Never share verification codes
✔ Treat urgency as a warning sign
✔ Train staff regularly on phishing awareness
✔ Use managed security, monitoring, and backups

How ITFixio Helps Protect Your Business

At ITFixio, we take a proactive, people-first approach to cybersecurity. We help businesses across the UK with:

With ITFixio, you get:

• Email security & phishing protection
• Endpoint security & monitoring
• Staff security awareness training
• Secure Microsoft 365 configurations
• Ongoing IT support and risk reduction

Because prevention is always cheaper than recovery.