Cybercriminals have more tools at their disposal than ever before, and they’re using them to target consumers in increasingly complex and effective ways. However, just because one of a financial institution’s customers falls victim to a scam, it doesn’t mean it was an isolated incident. In fact, emerging technologies are allowing criminals to organize and carry out attacks on a much larger scale.
2025 Cybersecurity Trends, a report from Javelin Strategy & Research’s Tracy (Kitten) Goldberg, Director of Fraud and Security, Suzanne Sando, Senior Fraud and Security Analyst, and Jennifer Pitt, Senior Fraud and Security Analyst at Javelin Strategy & Research detailed how criminals are using technology to accomplish everything from scams to disinformation campaigns, and it also highlights the steps financial institutions can take to protect themselves.
The Dual Role of AI
Artificial intelligence has become a key component of fraud mitigation systems, but it has also become a fixture in many fraud operations. However, at this juncture, AI is having a greater impact in the fight against fraud.
“You don’t have AI that is successfully fooling authentication technology, but you do have AI that’s fooling consumers,” Goldberg said. “They’re not able to take my image and fool facial recognition technology, but they could potentially fool my neighbor. AI is a concern, but I think the concern is more on the social engineering piece and how humans are manipulated.”
There have always been criminals willing to exploit others for fraudulent purposes, but the techniques and tactics they use have become more complex. For example, cybercriminals are leveraging AI to create deepfakes which can mimic voices or personas, using this technology to create fictitious communications.
Criminals also deploy cheapfakes, where they edit or alter actual videos or audios and present an individual’s words out of context to commit fraud or spread disinformation.
The proliferation of social media and the increased isolation of many individuals has fueled the rise of romance scams, where cybercriminals feign romantic interest to obtain personal details from consumers.
Because more children have unmonitored access to the internet and social media, cybercriminals have also engaged in manipulation and cyber bullying tactics in efforts to get kids to provide their personal information.
Though there are more types of fraud attacks, there is still an overarching theme.
“Whether it’s someone trying to socially engineer a consumer into providing access to their bank account details or a hacktivist group that’s spreading disinformation, the end is the same,” Goldberg said. “They’re convincing consumers of something that is not true and getting these consumers to provide information about themselves, or to believe a falsehood.”
Rethinking Security: Biometrics Over Passwords
Fraud attempts are designed to manipulate consumers, so financial institutions should bolster their consumer education efforts. However, organizations will never be able to fully account for the actions of its customers. This means institutions must find ways to remove the consumer from the cybersecurity equation.
One of the most effective ways organizations can do this is to move away from username and password verification. Criminals can hack passwords, manipulate consumers into providing them, or purchase login information from bad actors on the dark web.
Because usernames and passwords are an increasingly ineffective means of security, FIs should lean on biometrics to verify their customers’ identities. In addition to fingerprint scanning and facial recognition technology, there are behavioral biometrics platforms, which monitor how a user interacts with their device. There are also tools to verify the validity of the device itself to ensure the right consumer is granted access.
All in all, financial institutions must take a bigger-picture view of fraud. The advent of technologies like machine learning and AI means it is easier for organized groups to carry out fraud at scale.
A bank might uncover what initially appears to be a conventional scam, where a criminal has socially engineered a customer into providing access to their bank account details. However, the perpetrator could have ties to a nation-state threat actor or a fraud ring conducting attacks or spreading disinformation.
“For the financial services industry, this is why we’re talking about cyber fusion deployment,” Goldberg said. “It’s where they’re bringing in some of the tools that they use for anti-money laundering, Know Your Customer compliance, and fraud mitigation. This helps with some of the scam detection, but then also with how they can tie that into who is behind some of these attacks.”
Following the Trails of Cyberthreats
A cyber fusion approach emphasizes the importance of shared threat intelligence within an enterprise. One of the key components is attribution, which involves identifying the actors behind cyberattacks.
“You’re pulling in anonymized data signals that could help to track money mule activity or fraud activity that might go into a Suspicious Activity Report (SAR),” Goldberg said. “This could potentially tie the attempt in with other indicators that you might have on the fraud side that could relate to potential scams or social engineering. Then it’s sharing that, not only across your enterprise, but with other organizations as well.”
Collaboration across the financial services industry—whether through a consortium or other mechanisms—is critical for exposing fraud techniques and tracking threat actors. Unfortunately, significant progress toward industry-wide collaboration or widespread cyber fusion adoption has been slow.
That said, solutions do exist. Many larger financial institutions are already implementing cyber fusion strategies, potentially setting an industry precedent. In addition, vendors are available to aid financial institutions with implementation. The strategic use of partners and tools across an enterprise, coupled with consortium data and anonymized data signals will be essential for achieving a holistic cyber fusion approach in the financial services industry.
“The whole ecosystem is a complex puzzle with a lot of different pieces, but we think that it all fits together,” Goldberg said. “It’s hard to connect those dots, especially when you have something as common as a romance scam or a pig butchering scheme. But if you start to trace the breadcrumbs, you might find that this is connected to a much wider network that is supporting something much more nefarious, which could even be a national security issue.”
