User-friendly fraud-as-a-service (FaaS) kits that enable amateurs to execute complex attacks against thousands of accounts in minutes are becoming increasingly available online, AU10TIX, the identity verification and management technology provider, has revealed.
In a new report on global identity fraud in 2024, AU10TIX highlights how FaaS platforms offer all of the tools, templates and automation that fraudsters need to commit widescale identity fraud, deepfakes, and cyberattacks, including:
- Deepfake generators to create synthetic selfies and videos
- Botnets to automate mass-scale account creation and takeover
- Phishing kits for email and web-based scams
- Dark web marketplaces: a hub for buying stolen data
Drawing insights from millions of transactions processed around the globe from January to December 2024, the report uncovers significant trends in large-scale organised identity fraud.
“FaaS has elevated cybercrime, enabling a whole cohort of the population to join in on global fraud by launching large-scale attacks involving up to over 8,000 incidents,” explained Dan Yerushalmi, CEO of AU10TIX. “Using AI-driven tactics such as deepfake selfies and synthetic identities, organised fraudsters are testing traditional security measures like never before. Only by adopting more advanced fraud prevention techniques and multi-layered defences can businesses stay ahead of emerging threats and strengthen trust with their users.”
In one instance, AU10TIX detected a single mega attack spanning four geographies (APAC, EMEA, LATAM, NA) and three industries (payments, crypto, social media). It involved 4,580 unique permutations of the same ID template and had all the markings of a FaaS-enabled attack.
Fraud trends in 2024
AU10TIX revealed that APAC led the pack as the epicentre of 2024’s mega attacks, taking 88 per cent of the overall share. Meanwhile, social media became a critical battleground for fraud and misinformation in 2024, with a surge of activity related to elections, international conflicts, and other hot-button topics.
Users also increasingly leveraged these platforms for e-commerce, which opened the door for fraudsters to conduct illicit activities that were once confined to payments, banking, crypto, and other fintech platforms. As a result, a full 30 per cent of identity fraud attacks targeted social media in Q4, compared to a mere three per cent in Q1.
Enhanced selfie and fraud detection tools are necessary to protect social media engagement, ensure account authenticity, and prevent the risks posed by fake accounts.
As fraud increased on social media platforms, it declined in the payments sector, historically the most targeted industry. Payments saw 54 per cent of attacks in Q1, but due to tougher law enforcement, the number had declined to 43 per cent by Q4. Attacks against the crypto sector also decreased to 24 per cent and stabilised following the implementation of MiCA regulations in 2023.
In light of these findings, AU10TIX urges firms that ensure they are proactive and prepare for what’s coming next. It says future-proofing means adopting AI-driven validation and multi-layer defences to combat deepfakes, synthetic identities, and emerging threats.