The latest annual Cybercrime Report published by LexisNexis suggests both an increase in AI-driven fraud, as well as growth in fraud linked to growing use of online and mobile payments and apps.
According to the Report (available here: https://risk.lexisnexis.co.uk/insights-resources/research/cybercrime-report) which encompasses over 104 billion global transactions, there has been a shift over the past year in the type of fraud being recorded – as defined by cybercrime attacks detected in LexisNexis Digital Identity Network between January and December 2024:
- 36% of reported attacks are now first-party fraud – up from 15% last year
- Including bonus abuse and 1st party chargeback it’s up to 42%
- 1 in 11 new account creations is fraudulent, especially on mobile apps
- Mobile browsers are nearly 5x riskier than mobile apps
The role of the ‘mule’ – a person prepared to receive money from a victim’s account – has been growing in use. LexisNexis’ Report states: “In the UK, where scams first made headlines years ago, mule-related money movements seen in the Digital Identity Network solution are up 65% YoY”.
Citing figures from the UK Banking Consortium, the Report says the total value of payments moved by money mules last year was more than £130m. The mules used an average of 3.4 banks per network to funnel victim’s funds.
There are noticable differences between regions in the type of fraud committed. In the APAC region, it is dominated by third-party account takeover, driven by phishing. In the EMEA and North America regions, the data points to first-party fraud, driven by increases in the financial services and ecommerce sectors.
Other types of fraud noted include scams, identity theft, bonus abuse, third-party chargeback fraud, synthetic identity fraud, buyer fraud and subscription fraud.
APAC is identified as the region with most attacks of fraud. Human initiated attacks were up 61% YoY, and robotic (automated) attacks up 6%. This includes a deterioration in Japan, where romance and investment scams, and phone-related social engineering scams increased.
Hong Kong topped per capita fraud losses. In Singapore, some 86% of scams reported to the police involved authorised payment scams.
“The scam industry in APAC continues to grow and is reported to employ hundreds of thousands of people – some of them working as forced labour,” the Report notes.
Globally, the growing use of digital payments and apps is spurring growing attemps to gain access to accounts.
“Account takeover attempts were an elevated focus in both North America and APAC. The password reset attack in North America ballooned 90% to 2.7%, and in APAC it rose 66% to 1.3%, as fraudsters attempted to gain access to existing accounts in these regions. The password reset attack rate in EMEA kept declining (down 70% to 0.8%) as authorised scams continue to be the attack of choice, with no need for account access,” the Report states.
