Fraud Trends and Statistics in 2024

The surge in innovative fraud techniques poses unprecedented challenges and necessitates a more robust understanding of emerging threats. This article delves into the latest fraud trends, each embodying unique challenges and opportunities for those tasked with safeguarding digital assets and consumer trust. From the manipulation of synthetic identities to the exploitation of generative AI, the spectrum of cyber fraud is broadening, compelling businesses to adopt sophisticated fraud detection and prevention mechanisms.

Our exploration not only highlights the prevalence of these activities but also emphasizes the evolving nature of digital threats in a hyper-connected world.

Deepfakes and super-synthetic identities

During 2023 and the first half of 2024 there has been a marked rise in cybercrime and a variety of fraud types. However, the biggest jump was noted in deepfake fraud and super-synthetic identities.

Perhaps one of the biggest fraud efforts occurred at the beginning of 2024. The case involved deepfakes of multiple people on a single video call, and it caused a loss of $25 million for a multinational company in Hong Kong. Other cases of deepfraud have involved romance fraud - in these cases, fraudsters have leveraged text generation similar to ChatGPT capabilities.

If we look at the United Kingdom alone, there were 7.78 million Cyber Attacks on UK-based businesses during 2024. Over 400,000 cases of fraud and computer misuse were recorded, and the average cost of a cyber-attack to a UK business was £3,230. In the UK, that’s only the tip of the iceberg, because financial crimes are on the rise as well. UK consumers lost £479 million (USD 662 million) to financial fraud.

Another important finding was that deepfake detection is set to grow from $5.5 billion in 2023 to $15.7 billion in 2024, as reported by Bloomberg.

If we look a year back, things were not so good. The stunning fraud statistics indicated that due to the deepfake fraud wave in 2023, Britain lost £580 to fraud (FT). Another important finding was that deepfake detection is set to grow from $5.5 billion in 2023 to $15.7 billion in 2024, as reported by Bloomberg.

Generative AI enhances fraud

Generative AI, a frontier in artificial intelligence technology, harnesses the power of machine learning models to create content—from text to images—that is increasingly difficult to distinguish from that created by humans. This capability has opened new avenues for fraudsters, who use generative AI to craft convincing fake identities, documents, and even audio and video. The sophistication of these tools means they can be used in complex scams that were previously not possible.

What do the stats say?

According to a report by McKinsey, 40% of business respondents are expected to make further investments into AI and cybersecurity, and 28% have already made it a hot topic for their business agendas going into the new year.

As deepfake escalates, the now infamous 25 million dollar Zoom call stands as another chilling reminder of how far fraudster mechanisms have gone.

Phone and cyber scams, in total, took around $10 billion out of the pockets of Americans in 2022, FBI reports (source: ABC News).

Fraud as a service

Fraud as a Service (FaaS) represents a disturbing evolution in the world of cybercrime, where illicit services and tools are offered on a subscription or pay-per-use basis, akin to legitimate software-as-a-service offerings. This model enables even those with minimal technical expertise to launch sophisticated fraud schemes. FaaS providers offer a range of services, from creating fake identities and hacking tools to providing bespoke phishing campaigns and malware. This democratization of access to fraud capabilities has led to an increase in the scale and frequency of attacks, making it a critical point of concern for businesses and cybersecurity professionals.

Crypto fraud

Crypto fraud has emerged as a significant threat within the financial sector, driven by the increasing adoption of cryptocurrencies and the anonymity they offer. Common schemes include investment scams, where fraudulent entities promise high returns on crypto investments but instead divert funds for personal gain. Additionally, the rise of decentralized finance (DeFi) platforms has seen an increase in protocol exploits and rug pulls, where developers abandon a project and leave with investors' funds.

Another prevalent type of crypto fraud involves phishing attacks aimed at stealing private keys and accessing wallets directly. As cryptocurrencies continue to gain traction, the sophistication and frequency of associated frauds are expected to rise, posing ongoing challenges for investors and regulators alike.

This is why crypto companies need to focus on detecting illicit accounts that are likely to be synthetic identities, money mules, or anything similar that might indicate risk of fincrime.

Payment fraud

Payment fraud continues to be a pervasive issue within the financial sector, encompassing a range of deceptive practices that aim to misappropriate funds from individuals or businesses. Key types of payment fraud include:

• Account Takeovers: fraudsters gain unauthorized access to a customer's bank or credit card account and make unauthorized transactions.
• Money Mules: individuals are tricked or willingly participate in transferring illegally acquired money on behalf of others.
• Authorized Push Payment (APP) Fraud: victims are deceived into authorizing payments to an attacker under false pretenses.
• Credit Card Fraud: this involves the unauthorized use of a credit card to obtain goods or services.
• Fake Bank Account Fraud: fraudsters open bank accounts using false information to facilitate other frauds.

While these fraud types are not new, their execution continues to evolve with technological advancements, making them more sophisticated and harder to detect. More statistics indicate that fraud will continue. During the first half of 2023, €17.5m was illegally transferred through money mule accounts. Lloyds Bank revealed it has seized over £91m from mule accounts since 2018.

Increased obligations and/or liabilities

So, huge companies are already forced to take drastic measures to protect against future fraud. Alphabet (Google), Facebook (Meta), and other tech companies need to invest in countering deepfakes and fake accounts on their platforms or risk hefty fines under an updated European Union code of practice (Reuters).

The regulatory landscape surrounding payment systems is undergoing significant changes to bolster security and prevent fraud. The UK’s Payment Services (Amendment) Regulations 2024, for instance, focus heavily on combating APP fraud. These regulations are part of a broader international push to enhance transaction speed and security. A notable development in this arena is the European Council's mandate that all euro-denominated fund transfers within the EU and EEA be completed within ten seconds, any time of the day.

This regulatory shift is not only about speed but also includes enhanced measures for transaction security. Payment Service Providers (PSPs) are now required to implement cutting-edge fraud detection systems and ensure the immediate verification of a recipient's identity at no extra cost to the consumer. Moreover, these new rules empower clients to set caps on instant credit transfers, providing an added layer of security tailored to individual needs.

By addressing these increased obligations and liabilities, regulators and financial institutions aim to strike a balance between the necessity for rapid transactions and the imperative to safeguard against fraud.

Fraud protection in 2024

In 2024, fraud prevention continues to be shaped significantly by advancements in technology, especially through the use of machine learning (ML) and automation. These tools not only enhance the ability to detect and respond to fraud but also refine the process of identifying genuine threats from benign anomalies. Here’s how organizations are incorporating cutting-edge technologies into their fraud prevention strategies:

• ML-powered scoring and automated pattern detection: by using machine learning, companies can effectively score and prioritize trust and risk signals. This process is finely tuned through the analysis of vast amounts of historical data and specific training sets, enabling a more targeted and efficient approach to fraud detection.
• Phone number intelligence: this tool allows organizations to delve into detailed analytics, providing deeper insights into user phone data. Such intelligence is crucial for assessing the risk associated with each transaction or interaction.
• Email address analytics: comprehensive evaluations of email data play a vital role in enhancing security measures. By analyzing patterns and anomalies in email usage, companies can preemptively identify potential threats.
• Browser fingerprinting: the use of advanced browser biometrics offers a nuanced approach to security. This technology helps in understanding unique user behaviors and device characteristics, which are critical in detecting and preventing unauthorized access.

Incorporating these sophisticated tools allows businesses to allocate their resources more effectively, focusing on strategic initiatives rather than day-to-day threat mitigation.