ChannelLife Canada - Industry insider news for technology resellers

First-party fraud now top global threat, outpacing scams

Yesterday

LexisNexis Risk Solutions has reported that first-party fraud has overtaken scams to become the most prevalent form of cyberattack globally.

The company's annual Cybercrime Report analyses more than 104 billion global transactions on its Digital Identity Network for the year 2024. The findings indicate a notable shift in fraud trends, with first-party fraud now accounting for 36% of all reported fraud, a significant increase from 15% in 2023.

First-party fraud involves individuals misrepresenting or providing false information for personal financial gain. Examples include claiming a credit card transaction as fraudulent to obtain a refund, asserting non-receipt of purchased goods, or falsifying details on loan applications. Sectors showing an upswing in this type of fraud include financial institutions and Buy Now, Pay Later providers. The report suggests that periods of inflation and rising living costs may be contributing factors, with mounting regulatory requirements for scam reimbursement potentially influencing these patterns.

"These findings represent a notable shift in global fraud patterns, with consumers now emerging as the single largest source of human-initiated fraud," said Stephen Topliss, Vice President of Fraud and Identity at LexisNexis Risk Solutions, in the report. "The change in composition of attacks presents a significant challenge for fraud prevention since detecting first-party fraud requires a subtly different approach from detecting scams or account takeovers. Organizations can't afford to be complacent, however – there were more than three billion brute-force automated account takeover attacks detected last year alone and scams remain a global problem. It is vital for organizations to have models tuned to detect these varied forms of fraud."

Account takeover (ATO) fraud, often the result of phishing and smishing attacks, comprised 27% of total fraud cases. This reflects a slight decline of roughly 2% compared to the prior year. Scams, including authorised push payment (APP) fraud, represented 11% of fraud incidents, down from 16% in 2023. The analysis also shows that one in nine password reset attempts worldwide in 2024 involved attempted fraud. Attempts initiated from desktop computers were riskier, with more than one in four of these flagged as fraud attacks.

While the overall global human attack rate rose only marginally by 1% in 2024, the report recorded a 15% decrease in global automated bot attacks—instances where software attempts to penetrate accounts using stolen credentials. Despite this, the report cautions that the appearance of stability in global attack rates does not necessarily signal a safe environment, noting "underlying signs of a coming storm powered by AI."

Sectors were affected differently. The Communication, Mobile, and Media sector saw its attack rate climb by 15%, while Financial Services firms worldwide experienced an 18% increase in automated bot attacks.

Attack rates also varied by region. EMEA (Europe, Middle East, and Africa) posted the lowest regional attack rate globally at 0.6% of transactions based on the LexisNexis Identity Abuse Index. LATAM (Latin America) saw its attack rate decrease to 1.6%, now below North America's 2.2%. In contrast, the Asia-Pacific (APAC) region experienced a significant increase, with the attack rate rising 37% across 2024, amounting to 1.5% of transactions in the region.

Stephen Topliss noted, "We are at a potential tipping point. While many organizations have improved their defenses over the past few years, we also know that cybercriminals are embracing new innovative, AI-enhanced capabilities and we will likely see these extensively tested and executed over the coming months. Our analysis of attacks over a longer multi-year period shows that significant attacks often come in waves and this latest set of figures could indicate the imminent arrival of the next, AI-enabled wave of global attacks."

The report's findings are based on real-time analysis of digital interactions across a spectrum of activities, including account creation, logins, payments, and password resets, as observed through the LexisNexis Digital Identity Network in 2024.
