The emergence of cyber-fraud

Julien Laurent at Group-IB explains why fraud prevention must evolve

 

The nature of financial fraud in the UK is going through a fundamental shift. In 2024 alone, over £1 billion was stolen through payment fraud, a continuation of the trend from the previous year. Yet, the total number of annual incidents notably fell. The numbers suggest that fraudsters are becoming more efficient, targeting bigger fish and extracting more money per incident. 

 

What fuels this efficiency? No longer confined to traditional scams or isolated cyber-incidents, today’s fraud schemes are increasingly interconnected, blending cyber-intrusion with financial exploitation. This evolution is giving rise to a new threat category, cyber-fraud, where digital access paves the way for high-impact financial crimes. 

 

As cyber-criminals refine their tactics and exploit digital vulnerabilities with greater precision, understanding how their strategies are evolving is crucial to staying ahead of the threat.

 

Evolving financial fraud strategies

Adversaries are moving away from conventional fraud strategies. Sophisticated cyber-attacks - such as malware, phishing, and account takeovers - increasingly serve as the first step in a complex, multi-stage digital fraud operation. 

 

Techniques have moved beyond Authorised Push Payment (APP) fraud, where deceptive emails or messaged are used to trick users into authorising fraudulent payments. Increasingly, cyber-criminals are using malware to gain access to business financial operations and divert or authorise payments themselves.

 

By using banking trojans, or infiltrating corporate emails to monitor, impersonate, and redirect payments to their accounts, they are bypassing the need to trick or manipulate employees. This improves their operational efficiency and makes traditional detection systems struggle with efficiently recognising illegal activities.

 

With the need to monitor an increased number of avenues for potential attacks, fraud protection specialists need to carefully rethink their approach.

 

Break the silos: legacy systems’ blind spots

Many organisations still rely on legacy anti-fraud systems that operate in isolation. While looking at a single detection layer, such as behavioural analysis, is valuable, it is insufficient as a primary defence against threats that blend cyber-intrusion and financial fraud. Normal user behaviour varies; therefore, over-reliance on behavioural signals can result in false positives, creating unnecessary friction for genuine users.

 

More worryingly, legacy systems struggle to identify sophisticated attacks when they don’t involve altered user behaviour. Users who have been coerced by social engineering scams, for instance, might continue to act normally. Stealthy malware, such as bank trojans, can operate without significantly altering user patterns. While fraudsters using stolen credentials on a clean device might initially appear legitimate. 

 

These are significant visibility gaps which cyber-criminals are successfully exploiting. For instance, a fraud detection system might recognise a user-initiated payment (such as in APP fraud) and approve it while remaining unaware that it was triggered by a phishing attack, which needs to be detected by a different cyber-security team. 

 

This siloed approach shows how legacy systems do not offer insights into the entire fraud scheme cycle, including the specific malware involved, the attacker’s infrastructure, and whether the user’s credentials were compromised in a breach. They identify a symptom but lack the cyber-security context to identify all the attack vectors, leaving businesses vulnerable and exposed.

 

This disconnect is precisely what modern attackers exploit, allowing cyber-criminals to slip through the gaps in businesses’ defences.

 

A new approach: cyber-fraud fusion

As cyber-criminal methods evolve, so should organisations’ fraud prevention strategies. 

 

Enter cyber-fraud fusion, the combination of cyber-security and fraud prevention, which involves merging the people, processes, and technologies from these traditionally separate fields. Only 5% of large businesses today have adopted this strategy, but as adversaries continue to innovate, this is set to rise to 20% by 2028. 

 

To stay ahead, organisations must be aware of cyber-security tactics, techniques and procedures that can help understand and predict attacker behaviour. This knowledge can be applied to configure and refine fraud detection rules, making them more proactive and resilient to sophisticated attacks.

 

By fusing cyber-security and fraud insights, businesses can construct a complete attack narrative, tracing the initial cyber-security indicators to the final fraud attempt. This grants end-to-end visibility of the entire fraud scheme.

 

Success in combating modern fraud cannot rely on siloed efforts. Only with a fully integrated, intelligence-powered defence can businesses gain the full picture and understand the true scope of their risks, effectively identify fraudulent activity, and take decisive action. 

 

---

 

Julien Laurent is Global Fraud Protection Lead at Group-IB

 

Main image courtesy of iStockPhoto.com and Thapana Onphalai