{"id":3852,"date":"2026-06-25T10:04:02","date_gmt":"2026-06-25T10:04:02","guid":{"rendered":"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/25\/inside-the-2026-smb-threat-landscape-from-phishing-and-scams-to-fake-ai-tools\/"},"modified":"2026-06-25T10:04:02","modified_gmt":"2026-06-25T10:04:02","slug":"inside-the-2026-smb-threat-landscape-from-phishing-and-scams-to-fake-ai-tools","status":"publish","type":"post","link":"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/25\/inside-the-2026-smb-threat-landscape-from-phishing-and-scams-to-fake-ai-tools\/","title":{"rendered":"Inside the 2026 SMB threat landscape: From phishing and scams to fake AI tools"},"content":{"rendered":"<div>\n<p><img width=\"990\" height=\"400\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25073838\/SL-SMB-report-featured-990x400.jpg\" class=\"attachment-securelist-huge-promo size-securelist-huge-promo wp-post-image\" alt=\"\" decoding=\"async\" loading=\"lazy\"><\/p>\n<p>Small and medium-sized businesses (SMBs) remain attractive targets for cybercriminals \u2013 in both mass cyberattacks and sophisticated campaigns targeting larger enterprises through <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/trusted-relationship-attack\/\" target=\"_blank\" rel=\"noopener\">trusted relationship<\/a> attacks. At the same time, smaller businesses may lack the robust cybersecurity policies and necessary resources to protect themselves against an evolving threat landscape.<\/p>\n<p>Kaspersky believes that raising awareness can help small and medium-sized enterprises develop an effective protection strategy. Ahead of International SMB Day on June 27, Kaspersky presents the findings of its 2026 threat analysis for SMBs, which includes real-world examples of attacks.<\/p>\n<h2 id=\"key-findings\">Key findings<\/h2>\n<ul>\n<li>In the first four months of 2026, Kaspersky solutions detected over 33,300 cyberattacks on SMBs masquerading as popular artificial intelligence (AI) tools \u2013 almost five times more than in 2025 and 39% more than the number of attacks disguised as the office and collaboration tools that Kaspersky\u2019s research focuses on.<\/li>\n<li>Popular messengers and communication services remained the attacker\u2019s most widespread lure, with almost 415,000 attacks involving fake messenger apps and video conferencing software.<\/li>\n<li>The attackers follow trends: the AI tools Claude and OpenClaw (ex-ClawdBot\/MoltBot), which have gained popularity in 2026, were among the common AI lures.<\/li>\n<li>Fraudsters use fake AI tools to scam businesses out of money, while corporate accounts on social media also remain targets.<\/li>\n<li>The majority of initial accesses to corporate infrastructures sold on the dark web are allegedly accesses to SMBs. This could be because SMBs tend not to be as well protected as large enterprises and, at the same time, may be trusted contractors for those well-protected enterprises.<\/li>\n<\/ul>\n<h2 id=\"malware-and-potentially-unwanted-applications-puas-disguised-as-popular-services\">Malware and potentially unwanted applications (PUAs) disguised as popular services<\/h2>\n<p><em>Kaspersky researchers used data from Kaspersky Security Network (KSN) to explore how frequently malicious and unwanted files are disguised as legitimate applications that may be used by SMBs. KSN is a system for processing anonymized cyberthreat-related data shared voluntarily by Kaspersky users. For this part of the report, only anonymized data received from users of Kaspersky solutions for SMBs were analyzed.<\/em><\/p>\n<p>According to a <a href=\"https:\/\/sbecouncil.org\/2025\/10\/23\/new-sbe-council-survey-small-businesses-confident-about-2025-year-end-performance-ai-digital-tools-and-multi-channel-strategies-driving-growth-and-competitiveness\/\" target=\"_blank\" rel=\"noopener\">survey<\/a> by the Small Business &amp; Entrepreneurship Council (SBE Council), small business owners continue to embrace artificial intelligence and digital transformation as they maintain a generally positive outlook on the economy. Threat actors are also aware of the hype surrounding AI and exploit it for their own benefit. In particular, they actively distribute cyberthreats under the guise of popular AI services.<\/p>\n<p><strong>From January to April 2026, Kaspersky solutions detected 33,352 attacks on SMB users <\/strong>in which malware or potentially unwanted applications for PCs were disguised as five popular AI services. This figure represents an increase of <strong>almost five times<\/strong> compared to the previous year. This highlights an evolving trend in which threat actors are weaponizing trust in widely used AI platforms and services, especially popular ones like Claude. Kaspersky experts note that it\u2019s important to download apps from official sources and to verify which apps are available for which platforms.<\/p>\n<div class=\"js-infogram-embed\" data-id=\"_\/DJT1mCPmLP8WMsAHu3qo\" data-type=\"interactive\" data-title=\"01 EN ES PT-BR - SMB report charts\" style=\"min-height:;\"><\/div>\n<\/p>\n<p><center><strong><em>Share of attacks targeting SMBs in which malware or PUAs mimic the five popular, legitimate AI apps that Kaspersky\u2019s research focuses on, first four months of 2025 and 2026 (<a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082336\/01-en-es-pt-br-smb-report-charts.png\" target=\"_blank\">download<\/a>)<\/em><\/strong><\/center><\/p>\n<p>In the first four months of 2026, Kaspersky researchers also identified <strong>more than<\/strong> <strong>1,100 unique samples <\/strong>of malware and PUAs detected in the SMB sector that masqueraded as five popular AI applications, representing a <strong>21%<\/strong> increase compared to the same period of 2025. The samples were mainly different types of Trojware (Trojans and Trojan-like malware), including those capable of downloading and running other malware on compromised devices. Trojware disguises itself as harmless files to trick users into installing them. Their functionality may vary depending on the particular type of Trojware. This may include stealing, deleting, blocking, modifying or copying users\u2019 data, as well as other malicious actions. Trojware therefore represents a highly dangerous cyberthreat to entrepreneurs and businesses.<\/p>\n<p>Kaspersky experts also note that the threat landscape is constantly evolving with new lures appearing all the time. For example, in the first four months of 2026, Kaspersky solutions blocked hundreds of attacks in which malware or PUAs for PCs were disguised as OpenClaw (previously known as Clawdbot or Moltbot).<\/p>\n<h3 id=\"other-lures-for-smbs-fake-communication-apps-and-office-software\">Other lures for SMBs: Fake communication apps and office software<\/h3>\n<p>Kaspersky analysts also explored how attackers leverage other legitimate applications as lures to target SMBs. For example, <strong>from January to April 2026, <\/strong><strong>Kaspersky solutions blocked 414,736 attacks on SMB users<\/strong> in which malicious software or PUAs for PCs were disguised as the popular communication apps that Kaspersky\u2019s report focuses on. The number of attacks changed marginally compared to the previous year\u2019s figure, indicating that the lure of fake communication apps remains a serious cyberthreat.<\/p>\n<div class=\"js-infogram-embed\" data-id=\"_\/fJU2tDWc69VchyIhVtpC\" data-type=\"interactive\" data-title=\"02 EN ES PT-BR - SMB report charts\" style=\"min-height:;\"><\/div>\n<\/p>\n<p><center><strong><em>Share of attacks targeting SMBs in which malware or PUAs mimic the four legitimate communication apps covered by Kaspersky\u2019s research, first four months of 2025 and 2026 (<a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082349\/02-en-es-pt-br-smb-report-charts.png\" target=\"_blank\">download<\/a>)<\/em><\/strong><\/center><\/p>\n<p>Various fake office applications and collaborative platforms also remain among the lures that attackers may exploit to target SMBs. <strong>According to Kaspersky telemetry, more than 24,000 attacks were detected from January to April 2026 in which malware or PUAs for PCs were disguised as specific office applications<\/strong>.<\/p>\n<div class=\"js-infogram-embed\" data-id=\"_\/144VlneutKDle9qH4Tvd\" data-type=\"interactive\" data-title=\"03 EN ES PT-BR - SMB report charts\" style=\"min-height:;\"><\/div>\n<\/p>\n<p><center><strong><em>Share of attacks targeting SMBs in which malware or PUAs mimic the six popular office applications and collaboration tools covered by Kaspersky\u2019s research, first four months of 2025 and 2026 (<a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082402\/03-en-es-pt-br-smb-report-charts.png\" target=\"_blank\">download<\/a>)<\/em><\/strong><\/center><\/p>\n<p>In 2026, AI-related baits have become more widespread among cybercriminals than traditional fake office and collaboration tools. Kaspersky experts note that the more publicity and hype there is around certain tools, the more likely a user is to come across a fake package online.<\/p>\n<h2 id=\"scammers-and-phishers-tricking-victims-into-providing-credentials-and-funds\">Scammers and phishers tricking victims into providing credentials and funds<\/h2>\n<p>In 2026, Kaspersky researchers observed a wide range of phishing campaigns and scams targeting businesses and entrepreneurs. Fraudsters mimic financial and AI services as well as other platforms in order to steal credentials, personal information and funds.<\/p>\n<p>In the following example, fraudsters disguise themselves as a bank that allegedly offers services for businesses (in other similar schemes they may offer business loans). Entrepreneurs are prompted to visit a scam website and enter their data to open a business account. The requested information varies depending on the scam, but may include name, email address, phone number, social security number, date of birth and address. Scammers may then use this data in their schemes or sell it on the dark web.<\/p>\n<p>Kaspersky experts advise: if you encounter such a website, you should not rush to enter any data. First, examine it. Does the purported financial organization actually exist? How old is the website? Check the WHOIS records and read user reviews before entering any information on the page.<\/p>\n<div id=\"attachment_120395\" style=\"width: 2036px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082447\/smb-threat-report-2026-01.png\" class=\"magnificImage\"><img fetchpriority=\"high\" decoding=\"async\" aria-describedby=\"caption-attachment-120395\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082447\/smb-threat-report-2026-01.png\" alt=\"Example of a scam page targeting entrepreneurs\" width=\"2026\" height=\"1174\" class=\"size-full wp-image-120395\" srcset=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082447\/smb-threat-report-2026-01.png 2026w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082447\/smb-threat-report-2026-01-300x174.png 300w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082447\/smb-threat-report-2026-01-1024x593.png 1024w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082447\/smb-threat-report-2026-01-768x445.png 768w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082447\/smb-threat-report-2026-01-1536x890.png 1536w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082447\/smb-threat-report-2026-01-604x350.png 604w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082447\/smb-threat-report-2026-01-740x429.png 740w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082447\/smb-threat-report-2026-01-483x280.png 483w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082447\/smb-threat-report-2026-01-800x464.png 800w\" sizes=\"(max-width: 2026px) 100vw, 2026px\"><\/a><\/p>\n<p id=\"caption-attachment-120395\" class=\"wp-caption-text\">Example of a scam page targeting entrepreneurs<\/p>\n<\/div>\n<p>As with many other cyberthreats, AI services are also leveraged as a lure in scams. For example, Kaspersky experts identified a scam website for an AI service<em> \u201cbuilt for contractors\u201d<\/em>. According to the text on the fraudulent page, the tool can help with <em>\u201cestimates, invoices and schedule\u201d<\/em>. However, in reality, in such schemes victims usually receive nothing after paying for a subscription, while the scammers get all the money.<\/p>\n<div id=\"attachment_120396\" style=\"width: 1008px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082459\/smb-threat-report-2026-02.png\" class=\"magnificImage\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-120396\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082459\/smb-threat-report-2026-02.png\" alt=\"Example of a scam page promoting an AI tool\" width=\"998\" height=\"675\" class=\"size-full wp-image-120396\" srcset=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082459\/smb-threat-report-2026-02.png 998w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082459\/smb-threat-report-2026-02-300x203.png 300w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082459\/smb-threat-report-2026-02-768x519.png 768w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082459\/smb-threat-report-2026-02-517x350.png 517w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082459\/smb-threat-report-2026-02-740x501.png 740w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082459\/smb-threat-report-2026-02-414x280.png 414w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082459\/smb-threat-report-2026-02-800x541.png 800w\" sizes=\"auto, (max-width: 998px) 100vw, 998px\"><\/a><\/p>\n<p id=\"caption-attachment-120396\" class=\"wp-caption-text\">Example of a scam page promoting an AI tool<\/p>\n<\/div>\n<p>Kaspersky experts note that business accounts on social networks and messengers remain attractive targets for cybercriminals in 2026. In one scheme, phishers distributed notifications with fake alerts related to companies\u2019 business pages. The notifications claimed that<em> Facebook\u2019s review system had detected behavior that seriously violated its Community Standards and Advertising Policies<\/em>. To avoid permanent restriction of their business page on the social network, owners were prompted to fill out an appeal form and provide personal and business email addresses, phone numbers, as well as the name of their business page and the password for their social network account. The attackers\u2019 goal was to obtain credentials. To reduce user vigilance\u00a0 and appear legitimate, fraudsters also sent victims a fake <em>appeal code<\/em>.<\/p>\n<div id=\"attachment_120397\" style=\"width: 1258px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082544\/smb-threat-report-2026-03.png\" class=\"magnificImage\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-120397\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082544\/smb-threat-report-2026-03.png\" alt=\"Example of a fake notification\" width=\"1248\" height=\"1350\" class=\"size-full wp-image-120397\" srcset=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082544\/smb-threat-report-2026-03.png 1248w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082544\/smb-threat-report-2026-03-277x300.png 277w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082544\/smb-threat-report-2026-03-947x1024.png 947w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082544\/smb-threat-report-2026-03-768x831.png 768w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082544\/smb-threat-report-2026-03-324x350.png 324w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082544\/smb-threat-report-2026-03-740x800.png 740w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082544\/smb-threat-report-2026-03-259x280.png 259w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082544\/smb-threat-report-2026-03-800x865.png 800w\" sizes=\"auto, (max-width: 1248px) 100vw, 1248px\"><\/a><\/p>\n<p id=\"caption-attachment-120397\" class=\"wp-caption-text\">Example of a fake notification<\/p>\n<\/div>\n<h2 id=\"email-threats-fake-online-documents-and-exploitation-of-legitimate-platforms\">Email threats: Fake online documents and exploitation of legitimate platforms<\/h2>\n<p>Email remains one of the most widely used channels for cyberattacks targeting enterprises, including small and medium-sized businesses. In 2026, attackers have frequently combined email distribution with the exploitation of legitimate third-party platforms. This is how phishers and scammers usually attempt to bypass traditional email filters and exploit user trust in reputable services. Kaspersky researchers have also observed a large number of schemes targeting corporate users in which phishers and scammers use fake online documents or nonexistent meetings as bait.<\/p>\n<p>In one recent scheme detected by Kaspersky, the attackers sent a fake notification disguised as a letter from OneDrive. The victim was prompted to <em>access the document<\/em> by clicking a button, but in reality, it led to a phishing website where users risked losing their confidential data. To make the email appear legitimate, the attackers added a phrase designed to\u00a0 lower the victim\u2019s vigilance: \u201c<em>This item is encrypted and hosted within your secure cloud perimeter.\u201d <\/em>They also parsed the recipient\u2019s email address and used the extracted data in the fake notification text so that the email looked like a standard notification from this type of service: \u201c<em>[email address domain as company name] has successfully uploaded a new file for [the user\u2019s name as stated in their email address]<\/em>.\u201d<\/p>\n<div id=\"attachment_120398\" style=\"width: 1926px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082558\/smb-threat-report-2026-04.png\" class=\"magnificImage\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-120398\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082558\/smb-threat-report-2026-04.png\" alt=\"Example of a phishing scheme with fake online documents\" width=\"1916\" height=\"945\" class=\"size-full wp-image-120398\" srcset=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082558\/smb-threat-report-2026-04.png 1916w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082558\/smb-threat-report-2026-04-300x148.png 300w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082558\/smb-threat-report-2026-04-1024x505.png 1024w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082558\/smb-threat-report-2026-04-768x379.png 768w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082558\/smb-threat-report-2026-04-1536x758.png 1536w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082558\/smb-threat-report-2026-04-710x350.png 710w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082558\/smb-threat-report-2026-04-740x365.png 740w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082558\/smb-threat-report-2026-04-568x280.png 568w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082558\/smb-threat-report-2026-04-800x395.png 800w\" sizes=\"auto, (max-width: 1916px) 100vw, 1916px\"><\/a><\/p>\n<p id=\"caption-attachment-120398\" class=\"wp-caption-text\">Example of a phishing scheme with fake online documents<\/p>\n<\/div>\n<p>Attackers also use other pretexts to trick victims into sharing confidential information, for example fake <em>compliance issues<\/em>. In the example below, the attackers posed as Apple representatives. The fake notification stated: \u201c<em>Apple has identified a compliance issue related to Google Ads campaigns directing traffic to Apple product detail pages associated with the victim\u2019s seller account<\/em>.\u201d However, the button in the email led to a phishing website where users are tricked into sharing confidential data.<\/p>\n<div id=\"attachment_120399\" style=\"width: 2570px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082618\/smb-threat-report-2026-05-scaled.png\" class=\"magnificImage\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-120399\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082618\/smb-threat-report-2026-05-scaled.png\" alt=\"Example of a fake compliance issue notification\" width=\"2560\" height=\"1311\" class=\"size-full wp-image-120399\" srcset=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082618\/smb-threat-report-2026-05-scaled.png 2560w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082618\/smb-threat-report-2026-05-300x154.png 300w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082618\/smb-threat-report-2026-05-1024x525.png 1024w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082618\/smb-threat-report-2026-05-768x393.png 768w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082618\/smb-threat-report-2026-05-1536x787.png 1536w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082618\/smb-threat-report-2026-05-2048x1049.png 2048w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082618\/smb-threat-report-2026-05-683x350.png 683w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082618\/smb-threat-report-2026-05-740x379.png 740w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082618\/smb-threat-report-2026-05-547x280.png 547w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082618\/smb-threat-report-2026-05-800x410.png 800w\" sizes=\"auto, (max-width: 2560px) 100vw, 2560px\"><\/a><\/p>\n<p id=\"caption-attachment-120399\" class=\"wp-caption-text\">Example of a fake compliance issue notification<\/p>\n<\/div>\n<p>Kaspersky experts observed another notable two-stage scheme aimed at stealing credentials from corporate emails, which involved distributing an invitation to a nonexistent meeting. The scheme is deployed in two stages. In stage one, a corporate user receives an email about a fictitious meeting. After clicking the \u201cAccept Meeting Invitation\u201d button, the user is redirected to a legitimate Zoom Docs (previous Zoom canvas brand) page. In stage two, the victim is prompted to click a hyperlink that reads \u201cClick Here to Accept Meeting\u201d. However, the URL of a phishing page is hidden behind this hyperlink.<\/p>\n<div id=\"attachment_120400\" style=\"width: 1926px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082632\/smb-threat-report-2026-06.png\" class=\"magnificImage\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-120400\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082632\/smb-threat-report-2026-06.png\" alt=\"Example of an email with a fake meeting\" width=\"1916\" height=\"981\" class=\"size-full wp-image-120400\" srcset=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082632\/smb-threat-report-2026-06.png 1916w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082632\/smb-threat-report-2026-06-300x154.png 300w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082632\/smb-threat-report-2026-06-1024x524.png 1024w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082632\/smb-threat-report-2026-06-768x393.png 768w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082632\/smb-threat-report-2026-06-1536x786.png 1536w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082632\/smb-threat-report-2026-06-684x350.png 684w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082632\/smb-threat-report-2026-06-740x379.png 740w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082632\/smb-threat-report-2026-06-547x280.png 547w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082632\/smb-threat-report-2026-06-800x410.png 800w\" sizes=\"auto, (max-width: 1916px) 100vw, 1916px\"><\/a><\/p>\n<p id=\"caption-attachment-120400\" class=\"wp-caption-text\">Example of an email with a fake meeting<\/p>\n<\/div>\n<div id=\"attachment_120401\" style=\"width: 1847px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082645\/smb-threat-report-2026-07.png\" class=\"magnificImage\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-120401\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082645\/smb-threat-report-2026-07.png\" alt=\"Zoom Docs page containing the phishing link\" width=\"1837\" height=\"994\" class=\"size-full wp-image-120401\" srcset=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082645\/smb-threat-report-2026-07.png 1837w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082645\/smb-threat-report-2026-07-300x162.png 300w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082645\/smb-threat-report-2026-07-1024x554.png 1024w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082645\/smb-threat-report-2026-07-768x416.png 768w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082645\/smb-threat-report-2026-07-1536x831.png 1536w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082645\/smb-threat-report-2026-07-647x350.png 647w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082645\/smb-threat-report-2026-07-740x400.png 740w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082645\/smb-threat-report-2026-07-517x280.png 517w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082645\/smb-threat-report-2026-07-800x433.png 800w\" sizes=\"auto, (max-width: 1837px) 100vw, 1837px\"><\/a><\/p>\n<p id=\"caption-attachment-120401\" class=\"wp-caption-text\">Zoom Docs page containing the phishing link<\/p>\n<\/div>\n<p>Malware is also actively distributed via email. In 2025, individuals and corporate users encountered over 144 million malicious and potentially unwanted email attachments, <a href=\"https:\/\/www.kaspersky.com\/about\/press-releases\/kaspersky-reports-15-growth-in-malicious-email-attacks-in-2025\" target=\"_blank\" rel=\"noopener\">representing a 15% increase<\/a> from the previous year.<\/p>\n<p>Kaspersky experts note that the lures used in subject lines and texts of malicious emails can appear relatively harmless and rather unsophisticated. In the example below, the attackers target businesses with a fake request for \u201c<em>the best quote for the items attached<\/em>.\u201d However, the attached file actually contains a Trojan.<\/p>\n<div id=\"attachment_120402\" style=\"width: 1926px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082703\/smb-threat-report-2026-08.png\" class=\"magnificImage\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-120402\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082703\/smb-threat-report-2026-08.png\" alt=\"Example of a malicious email\" width=\"1916\" height=\"981\" class=\"size-full wp-image-120402\" srcset=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082703\/smb-threat-report-2026-08.png 1916w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082703\/smb-threat-report-2026-08-300x154.png 300w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082703\/smb-threat-report-2026-08-1024x524.png 1024w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082703\/smb-threat-report-2026-08-768x393.png 768w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082703\/smb-threat-report-2026-08-1536x786.png 1536w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082703\/smb-threat-report-2026-08-684x350.png 684w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082703\/smb-threat-report-2026-08-740x379.png 740w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082703\/smb-threat-report-2026-08-547x280.png 547w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082703\/smb-threat-report-2026-08-800x410.png 800w\" sizes=\"auto, (max-width: 1916px) 100vw, 1916px\"><\/a><\/p>\n<p id=\"caption-attachment-120402\" class=\"wp-caption-text\">Example of a malicious email<\/p>\n<\/div>\n<h2 id=\"corporate-infrastructure-access-for-sale-posts-on-the-dark-web\">Corporate infrastructure access for sale: Posts on the dark web<\/h2>\n<p>To assess threat actor activity, <a href=\"https:\/\/dfi.kaspersky.com\/?icid=gl_sl_dfi-lnk_sm-team_99639c2452ebbd18\" target=\"_blank\" rel=\"noopener\">Kaspersky Digital Footprint Intelligence<\/a> experts analyzed hundreds of posts offering initial access to corporate infrastructures published on dark web forums from January to April of both 2025 and 2026. Kaspersky experts note that a single post may contain several offers for access to different allegedly compromised companies.<\/p>\n<div id=\"attachment_120403\" style=\"width: 1328px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082712\/smb-threat-report-2026-09.png\" class=\"magnificImage\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-120403\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082712\/smb-threat-report-2026-09.png\" alt=\"Example of a post on a darknet forum\" width=\"1318\" height=\"587\" class=\"size-full wp-image-120403\" srcset=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082712\/smb-threat-report-2026-09.png 1318w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082712\/smb-threat-report-2026-09-300x134.png 300w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082712\/smb-threat-report-2026-09-1024x456.png 1024w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082712\/smb-threat-report-2026-09-768x342.png 768w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082712\/smb-threat-report-2026-09-786x350.png 786w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082712\/smb-threat-report-2026-09-740x330.png 740w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082712\/smb-threat-report-2026-09-629x280.png 629w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082712\/smb-threat-report-2026-09-800x356.png 800w\" sizes=\"auto, (max-width: 1318px) 100vw, 1318px\"><\/a><\/p>\n<p id=\"caption-attachment-120403\" class=\"wp-caption-text\">Example of a post on a darknet forum<\/p>\n<\/div>\n<p>Initial access brokers (IABs) sell initial access to compromised businesses, for example, via RDP or web shells. In their posts, IABs may provide information about the region where the allegedly compromised companies are located, their industry and revenue, as well as the type of access. IABs sell access that the buyers can then use for different purposes, including ransomware attacks, stealing corporate confidential information or other fraudulent activity. The price of initial access on dark web forums may depend on the revenue, industry or location of the allegedly compromised companies, or on the access privileges. For example, accounts with admin rights are usually more expensive because they can provide attackers with a wide range of possibilities.<\/p>\n<p>According to the research, there were more posts offering initial access to companies of different sizes located in <strong>the Middle East<\/strong> (<strong>up 53% <\/strong>from last year), <strong>Africa <\/strong>(<strong>up 40%<\/strong>) and <strong>Latin America <\/strong>(<strong>up 17%<\/strong>). Meanwhile the number of posts related to companies located in <strong>Europe decreased by 34%<\/strong>. According to Kaspersky experts, this decline can be partially explained by the closure of a dark web forum containing such posts around the time of the study. The number of publications related to companies located in the <strong>APAC region <\/strong>also decreased slightly <strong>(down 4%)<\/strong>, but remained at a consistently significant level for the second year in a row.<br \/>\nAt the same time, the number of posts where the region was not specified <strong>decreased by 56% <\/strong>in 2026 compared to the previous year. Kaspersky analysts assume that this may indicate that initial access posts from IABs are becoming more targeted and unique.<\/p>\n<h3 id=\"share-of-posts-with-initial-access-offers-by-business-size\">Share of posts with initial access offers by business size<\/h3>\n<p><em>For this research, Kaspersky experts defined a small business as having an annual revenue of up to US$50 million, and a medium-sized business as having an annual revenue of between US$50 million and US$1 billion.<\/em><\/p>\n<p>According to Kaspersky\u2019s research, at the beginning of 2026 the share of posts on dark web forums with offers of initial access to allegedly compromised <strong>small businesses<\/strong> was larger than the shares of posts offering access to medium, large or nonprofit organizations. However, this share decreased in the first four months of 2026 compared to the same period in 2025. The share of posts concerning <strong>medium<\/strong><strong>\u2011<\/strong><strong>sized<\/strong> organizations also remained significant for two consecutive years. Taken together, posts concerning <strong>small and medium<\/strong><strong>\u2011<\/strong><strong>sized<\/strong> <strong>organizations account for more than half <\/strong>of all the analyzed posts with initial access offers on dark web forums.<\/p>\n<p>At the same time for a certain number of posts initial access brokers didn\u2019t indicate companies\u2019 revenue, therefore, making it impossible to determine the size of the company.<\/p>\n<div class=\"js-infogram-embed\" data-id=\"_\/o10Ls1uIUZpCgEbLStyX\" data-type=\"interactive\" data-title=\"04 EN - SMB report charts\" style=\"min-height:;\"><\/div>\n<\/p>\n<p><center><strong><em>Share of posts with initial access offers by business size, January\u2013April 2025 (<a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082416\/04-en-smb-report-charts.png\" target=\"_blank\">download<\/a>)<\/em><\/strong><\/center><\/p>\n<div class=\"js-infogram-embed\" data-id=\"_\/3UU1FPzVXoTq6pAyKm48\" data-type=\"interactive\" data-title=\"05 EN - SMB report charts\" style=\"min-height:;\"><\/div>\n<\/p>\n<p><center><strong><em>Share of posts with initial access offers by business size, January\u2013April 2026 (<a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25082427\/05-en-smb-report-charts.png\" target=\"_blank\">download<\/a>)<\/em><\/strong><\/center><\/p>\n<p>Kaspersky experts note that despite the prevalence of posts concerning small businesses, threat actors may target medium\u2011sized businesses because they generate higher revenues than small businesses and may have weaker security defenses than large businesses.<\/p>\n<p>SMBs can also become targets as a part of trusted relationship attacks, which enable the attackers to reach larger organizations. According to the <a href=\"https:\/\/securelist.com\/global-report-security-services-2026\/119233\/\" target=\"_blank\" rel=\"noopener\">Global Report by Kaspersky Security Services<\/a>, the share of trusted relationship attacks among the initial vectors increased from 12.7% in 2024 to 15.5% in 2025. Therefore, the common belief that small and medium\u2011sized enterprises are of no interest to attackers is a misconception. Companies of all sizes need to understand the cyberthreat landscape, adhere to cybersecurity rules, implement appropriate cybersecurity solutions, and continuously improve employee awareness.<\/p>\n<h2 id=\"cybersecurity-action-plan-for-smbs\">Cybersecurity action plan for SMBs<\/h2>\n<p>SMBs can reduce risks and ensure business continuity by investing in comprehensive cybersecurity solutions and increasing employee awareness. To protect themselves from the ever-evolving threat landscape, companies are advised to follow these rules:<\/p>\n<ol>\n<li><strong>Define access rules for corporate resources<\/strong> such as internet services, email accounts, shared folders, and online documents. Keep access lists up to date and revoke access promptly when employees leave the company.<\/li>\n<li><strong>Regularly back up important data<\/strong> to ensure the preservation of corporate information in case of emergencies.<\/li>\n<li><strong>Establish clear guidelines for using external services and resources.<\/strong> Create well-defined procedures for coordinating specific tasks, such as implementing new software, with the IT department and other responsible managers. Develop short, easy-to-understand cybersecurity guidelines for employees, with a special focus on account and password management, email protection, and safe web browsing. A well-rounded training program will equip employees with the necessary knowledge and ability to apply it in practice.<\/li>\n<li><strong>Raise employees\u2019 security awareness.<\/strong> Conduct dedicated training to teach staff how to detect and address potential threats, and track their educational progress. Organizations can achieve this with the <a href=\"https:\/\/www.kaspersky.com\/small-to-medium-business-security\/security-awareness-platform?icid=gl_sl_kasap-lnk_sm-team_580879adc8f0411e\" target=\"_blank\" rel=\"noopener\">Kaspersky Automated Security Awareness Platform<\/a> through interactive online modules and simulated phishing campaigns that build sustainable cyber hygiene habits across all teams.<\/li>\n<li><strong>Implement specialized cybersecurity solutions that fit your budget, size, and industry requirements<\/strong>, with an emphasis on scalability and ease of integration.\n<ol type=\"a\">\n<li><a href=\"https:\/\/www.kaspersky.com\/small-business-security\/small-office-security?icid=gl_sl_ksos-lnk_sm-team_4ee08461b6987110\" target=\"_blank\" rel=\"noopener\">Kaspersky Small Office Security Premium<\/a> is an easy-to-use solution that protects against advanced threats and also provides access to security awareness training for employees, making it ideal for micro-businesses.<\/li>\n<li>Small and medium-sized enterprises with more mature IT expertise should consider <a href=\"https:\/\/www.kaspersky.com\/next?icid=gl_sl_knext-lnk_sm-team_81901ef8adaebd96\" target=\"_blank\" rel=\"noopener\">Kaspersky Next Optimum<\/a>, which is designed specifically for growing organizations and offers real-time protection, threat visibility, as well as EDR and XDR investigation and response capabilities.<\/li>\n<\/ol>\n<\/li>\n<li><strong>Protect your business against email-borne threats.<\/strong> <a href=\"https:\/\/www.kaspersky.com\/enterprise-security\/mail-server-security?icid=gl_sl_lnk-mail-server-security_sm-team_07351ed8c5ab12ce\" target=\"_blank\" rel=\"noopener\">Kaspersky Security for Mail Server<\/a>, a comprehensive email security platform that offers robust, multi-layered protection at mailbox and gateway levels, can help with this. Powered by machine learning and leading global threat intelligence, it effectively addresses all mail security challenges.<\/li>\n<li><strong>Adopt specialized solutions<\/strong> such as <a href=\"https:\/\/dfi.kaspersky.com\/?icid=gl_sl_dfi-lnk_sm-team_99639c2452ebbd18\" target=\"_blank\" rel=\"noopener\">Kaspersky Digital Footprint Intelligence<\/a> to monitor the surface, deep, and dark webs for information about a company\u2019s credentials, leaked data, and lookalike websites. Small and medium-sized companies with limited IT security budgets can partner with a <a href=\"https:\/\/locator.kaspersky.com\/b2b\/?icid=gl_sl_partners-lnk_sm-team_cabc14139ece4513\" target=\"_blank\" rel=\"noopener\">managed security service provider (MSSP)<\/a> to access this comprehensive digital risk protection service at an affordable, subscription-based price point.<\/li>\n<\/ol>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Small and medium-sized businesses (SMBs) remain attractive targets for cybercriminals \u2013 in both mass cyberattacks and sophisticated campaigns targeting larger enterprises through trusted relationship attacks. At the same time, smaller businesses may lack the robust cybersecurity policies and necessary resources to protect themselves against an evolving threat landscape. Kaspersky believes that raising awareness can help [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-container-style":"default","site-container-layout":"default","site-sidebar-layout":"default","disable-article-header":"default","disable-site-header":"default","disable-site-footer":"default","disable-content-area-spacing":"default","footnotes":""},"categories":[21,90,225,1141,228,342,99,94,221,1337,222,236,257],"tags":[91],"class_list":["post-3852","post","type-post","status-publish","format-standard","hentry","category-artificial-intelligence","category-cybersecurity","category-darknet","category-data-leaks","category-data-theft","category-fraud","category-malware","category-phishing","category-research","category-small-and-medium-sized-business","category-spam-and-phishing","category-trojan","category-windows-malware","tag-cybersecurity"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Inside the 2026 SMB threat landscape: From phishing and scams to fake AI tools - Imperative Business Ventures Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/25\/inside-the-2026-smb-threat-landscape-from-phishing-and-scams-to-fake-ai-tools\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Inside the 2026 SMB threat landscape: From phishing and scams to fake AI tools - Imperative Business Ventures Limited\" \/>\n<meta property=\"og:description\" content=\"Small and medium-sized businesses (SMBs) remain attractive targets for cybercriminals \u2013 in both mass cyberattacks and sophisticated campaigns targeting larger enterprises through trusted relationship attacks. At the same time, smaller businesses may lack the robust cybersecurity policies and necessary resources to protect themselves against an evolving threat landscape. Kaspersky believes that raising awareness can help [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/25\/inside-the-2026-smb-threat-landscape-from-phishing-and-scams-to-fake-ai-tools\/\" \/>\n<meta property=\"og:site_name\" content=\"Imperative Business Ventures Limited\" \/>\n<meta property=\"article:published_time\" content=\"2026-06-25T10:04:02+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25073838\/SL-SMB-report-featured-990x400.jpg\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"14 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/25\/inside-the-2026-smb-threat-landscape-from-phishing-and-scams-to-fake-ai-tools\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/25\/inside-the-2026-smb-threat-landscape-from-phishing-and-scams-to-fake-ai-tools\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\"},\"headline\":\"Inside the 2026 SMB threat landscape: From phishing and scams to fake AI tools\",\"datePublished\":\"2026-06-25T10:04:02+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/25\/inside-the-2026-smb-threat-landscape-from-phishing-and-scams-to-fake-ai-tools\/\"},\"wordCount\":2838,\"image\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/25\/inside-the-2026-smb-threat-landscape-from-phishing-and-scams-to-fake-ai-tools\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25073838\/SL-SMB-report-featured-990x400.jpg\",\"keywords\":[\"Cybersecurity\"],\"articleSection\":[\"Artificial Intelligence\",\"Cybersecurity\",\"Darknet\",\"Data leaks\",\"Data theft\",\"fraud\",\"Malware\",\"Phishing\",\"Research\",\"Small and medium-sized business\",\"Spam and phishing\",\"Trojan\",\"Windows malware\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/25\/inside-the-2026-smb-threat-landscape-from-phishing-and-scams-to-fake-ai-tools\/\",\"url\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/25\/inside-the-2026-smb-threat-landscape-from-phishing-and-scams-to-fake-ai-tools\/\",\"name\":\"Inside the 2026 SMB threat landscape: From phishing and scams to fake AI tools - Imperative Business Ventures Limited\",\"isPartOf\":{\"@id\":\"https:\/\/blog.ibvl.in\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/25\/inside-the-2026-smb-threat-landscape-from-phishing-and-scams-to-fake-ai-tools\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/25\/inside-the-2026-smb-threat-landscape-from-phishing-and-scams-to-fake-ai-tools\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25073838\/SL-SMB-report-featured-990x400.jpg\",\"datePublished\":\"2026-06-25T10:04:02+00:00\",\"author\":{\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/25\/inside-the-2026-smb-threat-landscape-from-phishing-and-scams-to-fake-ai-tools\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/25\/inside-the-2026-smb-threat-landscape-from-phishing-and-scams-to-fake-ai-tools\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/25\/inside-the-2026-smb-threat-landscape-from-phishing-and-scams-to-fake-ai-tools\/#primaryimage\",\"url\":\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25073838\/SL-SMB-report-featured-990x400.jpg\",\"contentUrl\":\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25073838\/SL-SMB-report-featured-990x400.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/25\/inside-the-2026-smb-threat-landscape-from-phishing-and-scams-to-fake-ai-tools\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.ibvl.in\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Inside the 2026 SMB threat landscape: From phishing and scams to fake AI tools\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.ibvl.in\/#website\",\"url\":\"https:\/\/blog.ibvl.in\/\",\"name\":\"Imperative Business Ventures Limited\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.ibvl.in\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\/\/blog.ibvl.in\"],\"url\":\"https:\/\/blog.ibvl.in\/index.php\/author\/admin_hcbs9yw6\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Inside the 2026 SMB threat landscape: From phishing and scams to fake AI tools - Imperative Business Ventures Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/25\/inside-the-2026-smb-threat-landscape-from-phishing-and-scams-to-fake-ai-tools\/","og_locale":"en_US","og_type":"article","og_title":"Inside the 2026 SMB threat landscape: From phishing and scams to fake AI tools - Imperative Business Ventures Limited","og_description":"Small and medium-sized businesses (SMBs) remain attractive targets for cybercriminals \u2013 in both mass cyberattacks and sophisticated campaigns targeting larger enterprises through trusted relationship attacks. At the same time, smaller businesses may lack the robust cybersecurity policies and necessary resources to protect themselves against an evolving threat landscape. Kaspersky believes that raising awareness can help [&hellip;]","og_url":"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/25\/inside-the-2026-smb-threat-landscape-from-phishing-and-scams-to-fake-ai-tools\/","og_site_name":"Imperative Business Ventures Limited","article_published_time":"2026-06-25T10:04:02+00:00","og_image":[{"url":"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25073838\/SL-SMB-report-featured-990x400.jpg","type":"","width":"","height":""}],"author":"admin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"admin","Est. reading time":"14 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/25\/inside-the-2026-smb-threat-landscape-from-phishing-and-scams-to-fake-ai-tools\/#article","isPartOf":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/25\/inside-the-2026-smb-threat-landscape-from-phishing-and-scams-to-fake-ai-tools\/"},"author":{"name":"admin","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02"},"headline":"Inside the 2026 SMB threat landscape: From phishing and scams to fake AI tools","datePublished":"2026-06-25T10:04:02+00:00","mainEntityOfPage":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/25\/inside-the-2026-smb-threat-landscape-from-phishing-and-scams-to-fake-ai-tools\/"},"wordCount":2838,"image":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/25\/inside-the-2026-smb-threat-landscape-from-phishing-and-scams-to-fake-ai-tools\/#primaryimage"},"thumbnailUrl":"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25073838\/SL-SMB-report-featured-990x400.jpg","keywords":["Cybersecurity"],"articleSection":["Artificial Intelligence","Cybersecurity","Darknet","Data leaks","Data theft","fraud","Malware","Phishing","Research","Small and medium-sized business","Spam and phishing","Trojan","Windows malware"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/25\/inside-the-2026-smb-threat-landscape-from-phishing-and-scams-to-fake-ai-tools\/","url":"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/25\/inside-the-2026-smb-threat-landscape-from-phishing-and-scams-to-fake-ai-tools\/","name":"Inside the 2026 SMB threat landscape: From phishing and scams to fake AI tools - Imperative Business Ventures Limited","isPartOf":{"@id":"https:\/\/blog.ibvl.in\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/25\/inside-the-2026-smb-threat-landscape-from-phishing-and-scams-to-fake-ai-tools\/#primaryimage"},"image":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/25\/inside-the-2026-smb-threat-landscape-from-phishing-and-scams-to-fake-ai-tools\/#primaryimage"},"thumbnailUrl":"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25073838\/SL-SMB-report-featured-990x400.jpg","datePublished":"2026-06-25T10:04:02+00:00","author":{"@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02"},"breadcrumb":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/25\/inside-the-2026-smb-threat-landscape-from-phishing-and-scams-to-fake-ai-tools\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.ibvl.in\/index.php\/2026\/06\/25\/inside-the-2026-smb-threat-landscape-from-phishing-and-scams-to-fake-ai-tools\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/25\/inside-the-2026-smb-threat-landscape-from-phishing-and-scams-to-fake-ai-tools\/#primaryimage","url":"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25073838\/SL-SMB-report-featured-990x400.jpg","contentUrl":"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/25073838\/SL-SMB-report-featured-990x400.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/25\/inside-the-2026-smb-threat-landscape-from-phishing-and-scams-to-fake-ai-tools\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.ibvl.in\/"},{"@type":"ListItem","position":2,"name":"Inside the 2026 SMB threat landscape: From phishing and scams to fake AI tools"}]},{"@type":"WebSite","@id":"https:\/\/blog.ibvl.in\/#website","url":"https:\/\/blog.ibvl.in\/","name":"Imperative Business Ventures Limited","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.ibvl.in\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/blog.ibvl.in"],"url":"https:\/\/blog.ibvl.in\/index.php\/author\/admin_hcbs9yw6\/"}]}},"_links":{"self":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts\/3852","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/comments?post=3852"}],"version-history":[{"count":0,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts\/3852\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/media?parent=3852"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/categories?post=3852"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/tags?post=3852"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}