As technology becomes increasingly sophisticated, so do the scams criminals use to prey on unwitting victims. The new 2026 Fraud Management Trends report from Javelin Strategy & Research focuses on three schemes to watch for in the coming year and beyond. The schemes involve money mules, agentic bots, and phantom hackers.
Suzanne Sando, Javelin’s Lead Analyst in Fraud Management and a co-author of the report, hopes the study will prompt financial institutions to get in front of these scams before they get worse. But she is not optimistic. “We’re not going to see a dip in fraud and scam losses next year,” she said, “because I don’t think that we’re doing enough at all.”
The Changing Face of the Money Mule
There are multiple kinds of money mules. Some are 100% in on the scheme, while others may be turning a blind eye but suspect that what they are doing is not right. Some are scam victims who have been persuaded to complete a peer-to-peer transfer without getting paid for it. They don’t actually know that what they’re doing is a crime.
A younger group of consumers, ages 18 to 24, was asked what they would do if someone asked them to make a money transfer. Most said they would, especially if offered money to do so. There is a propensity for being willing to bend the rules a little bit for a payout, leading many people to become unwitting money mules.
Criminal mule ring organizations often reach out to college students or people who are out of jobs and looking for a quick payday. It often happens digitally, with a mobile check deposit through whatever channel the criminal has suggested. Or criminals will ask someone to go into a physical branch to deposit a check. Once the money is in the account, they can make their transfer or take cash out, or whatever the criminal requests.
Social Media Scams
We’re also seeing similar scam channels through a text message or email or a message through Facebook. Sometimes it’s a quick work-from-home job offer, something on the order of “I saw you were posting in the neighborhood group, and if you’re looking for some extra cash, I can help you out. All you have to do is this one little thing.”
“A lot of consumers who participate in mule activity don’t understand that what they’re doing is against the law and can result in fines and jail time,” Sando said. “Someone might say, ‘Hey, can you make this deposit for me? I’ll give you 50 bucks.’ So you think, well, who’s it going to hurt? It’s not going to hurt the bank. It’s not going to hurt me. It doesn’t feel like you’re really committing a crime. We have to explain to people that this is illegal and there are real repercussions for what you’re doing.”
Good Bot, Bad Bot
As agentic AI purchases come to the fore, they will present a whole new threat. How do we determine the difference between a good bot, an agent that’s actually making a legitimate purchase, and a bad bot that’s malicious and is doing something without a customer’s approval?
“You have certain behaviors that you can look for and certain signals,” Sando said. “But the fact of the matter is, a bot is a bot. They’re robotic. They act in a certain way that is not exactly like a human.”
A malicious bot that makes 500 quick purchases of the same product is obviously going to look suspicious, as opposed to an agent that should take some time to browse. But banks and merchants may not be ready to make those subtle distinctions.
“Either it’s an agent that is making this purchase on behalf of the consumer, or it’s the consumer themselves,” Sando said. “Those are the only two legitimate options in that scenario. If it’s anything else, we’ve got a problem. There has to be some sort of acknowledgment that this is an agent buying something on behalf of a consumer.”
Imitating the Bots
Sando thinks we are going to see criminals imitating agent bots. Criminals will code their own agents to impersonate a Visa agent and send a text or an email saying, “This is Visa’s new agent. Click here to sign up.” Conversely, a competitor agent might dangle an introductory offer for using the service. They can steal not only the victim’s money but also their personal financial information.
“We’re in for a world of hurt if we are not ready to put the controls in place and have a good understanding of what this means for a bank or a merchant,” Sando said. “If you’re not using bot detection, at the very least, I hope you’ve got something else running in the background that can still analyze those behaviors and those actions to make a more informed decision on who is actually making this purchase.”
Phantom Hacker Scams
The latest elaborate scheme is the phantom hacker scam. A criminal will reach out to a targeted victim through a phone call or a chat window, claiming to be technical support and saying that the victim’s computer has been hacked. The victim is prompted to download software, allowing the scammer to remotely access the computer, including the target’s financial accounts. Then, a criminal posing as an employee from the selected financial institution tells the victim that they need to move their money to a safe place, such as a fake Federal Reserve or government agency account. To add a false sense of legitimacy to the scheme, a third scammer steps in to pose as a government agent.
Having these extra stages and different people making contact adds legitimacy to what feels like a serious scenario.
“If someone contacts you for a tech support issue and says your computer’s been hacked, right off the right off the bat you might say, oh, this doesn’t seem legit,” Sando said. “But if someone from your bank calls you and they’re using phone masking on your cellphone and it’s showing X bank, not everybody in that moment is going to think, ‘I should actually call my bank, rather than do whatever they tell me.’”
The initial targets for these scams were seniors and older consumers, but Sando thinks the criminals are poised to move beyond that.
“They might start focusing on the more tech-savvy, the people who are willing to take risks with their payment technology, who are willing to try out an agentic purchase situation,” she said. “Because this is a newer technology, you don’t have that built-in history to know whether or not something is right or wrong.”
Communication Is Key
What remedies do we have for these new scams? The first thing that must happen is more collaboration within the bank itself, between the groups that handle fraud and the groups that handle any money laundering.
“Once you get these two groups to talk to each other and share information, you will see a reduction in successful money muling,” Sando said. “And you may also then, in turn, see a successful reduction in some of these fraud typologies.”
