Fraud-as-a-Service allows cybercriminals to launch complex attacks with minimal skills
User-friendly fraud kits that enable amateurs to execute complex attacks against thousands of accounts in minutes are widely available on the dark web according to the latest 2024 Report on Global Identity Fraud from AU10TIX.
FaaS platforms provide all the tools, templates and automation that fraudsters need, including deepfake generators to create synthetic selfies and videos, botnets to automate mass-scale account creation and takeover, and phishing kits for email and web-based scams.
"FaaS has elevated cybercrime, enabling a whole cohort of the population to join in on global fraud by launching large-scale attacks involving up to 8,000+ incidents," says Dan Yerushalmi, CEO of AU10TIX. "Using AI-driven tactics such as deepfake selfies and synthetic identities, organized fraudsters are testing traditional security measures like never before. Only by adopting more advanced fraud prevention techniques and multi-layered defenses can businesses stay ahead of emerging threats and strengthen trust with their users."
In one instance, AU10TIX has detected a single mega attack spanning four geographies (APAC, EMEA, LATAM, NA) and three industries (payments, crypto, social media). It involved 4,580 unique permutations of the same ID template and had all the hallmarks of a FaaS-enabled attack.
Social media became a critical battleground for fraud and misinformation in 2024, with a surge of activity related to elections, international conflicts, and other hot-button topics. Users also increasingly used these platforms for eCommerce, which has opened the door for fraudsters to conduct illicit activities that were once confined to payments, banking, crypto, and other fintech platforms. As a result, a full 30 percent of identity fraud attacks targeted social media in Q4, compared to just three percent in Q1.
As fraud increased on social media platforms though it has declined in the payments sector, which has historically been the most targeted industry. Payments saw 54 percent of attacks in Q1, but due to tougher law enforcement, the number had declined to 43 percent by Q4. Attacks against the crypto sector also decreased to 24 percent and stabilized following the implementation of the MiCA regulations in 2023.
You can get the full report from the AU10TIX site.
Image credit: Stevanovicigor/Dreamstime.com