2024, the year of Fraud-as-a-Service

Issue 1 2025 Information Security

AU10TIX released its 2024 Report on Global Identity Fraud. Drawing insights from millions of transactions processed around the globe from January to December 2024, the report uncovers significant trends in large-scale organised identity fraud. The report, titled 2024: The Year of Fraud-as-a-Service (FaaS) outlines how ‘the industry’s dark engine’ offers user-friendly fraud kits that enable amateurs to execute complex attacks against thousands of accounts in minutes.

“FaaS has elevated cybercrime, enabling a whole cohort of the population to join in on global fraud by launching large-scale attacks involving up to 8000+ incidents,” said Dan Yerushalmi, CEO of AU10TIX. “Using AI-driven tactics such as deepfake selfies and synthetic identities, organised fraudsters are testing traditional security measures like never before. Only by adopting more advanced fraud prevention techniques and multi-layered defences can businesses stay ahead of emerging threats and strengthen trust with their users.”

FaaS platforms provide all the tools, templates and automation that fraudsters need to commit widescale identity fraud, deepfakes, and cyberattacks, including:

• Deepfake generators to create synthetic selfies and videos.

• Botnets to automate mass-scale account creation and takeover.

• Phishing kits for email and web-based scams.

• Dark web marketplaces: a hub for buying stolen data.

Mega attack of 4580 unique permutations

In one instance, AU10TIX detected a single mega attack spanning four geographies (APAC, EMEA, LATAM, NA) and three industries (payments, crypto, social media). It involved 4580 unique permutations of the same ID template and had all the markings of a FaaS-enabled attack.

APAC led the pack as the epicentre of 2024’s mega attacks, taking 88% of the overall share.

Other 2024 trends

Social media became a critical battleground for fraud and misinformation in 2024, with a surge of activity related to elections, international conflicts, and other hot-button topics. Users also increasingly leveraged these platforms for e-commerce, which opened the door for fraudsters to conduct illicit activities that were once confined to payments, banking, crypto, and other fintech platforms. As a result, 30% of identity fraud attacks targeted social media in Q4, compared to a mere 3% in Q1.

As fraud increased on social media platforms, it declined in the payments sector, historically the most targeted industry. Payments saw 54% of attacks in Q1, but the number had declined to 43% by Q4 due to stricter law enforcement. Attacks against the crypto sector also decreased to 24% and stabilised following the implementation of MiCA regulations in 2023 [EU regulations that establish uniform market rules for crypto-assets – Ed.].

Key takeaways

AU10TIX’s 2024 report offers three actionable insights to help organisations protect against identity fraud:

1. Social media platforms must invest in smarter fraud detection. Enhanced selfie and fraud detection tools are necessary to protect social media engagement, ensure account authenticity, and prevent the risks posed by fake accounts.

2. Engage in transparent collaboration. Consortium validation and visual fraud simulations are powerful tools against FaaS-driven mega attacks. Organisations can leverage consortium insights to add a robust second layer of protection and risk mitigation.

3. Be proactive. Do not just react to what is happening now; prepare for what is coming next. Futureproofing means adopting AI-driven validation and multi-layer defences to combat deepfakes, synthetic identities, and emerging threats.

The report is available at https://tinyurl.com/39ahbxpu




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Managed security solutions for organisations of all sizes
Information Security News & Events
Cyber attackers have become significantly more sophisticated and determined, targeting businesses of all sizes. PwC’s Global Digital Trust Insights Survey 2025 Africa and South Africa highlights the urgent need for organisations to implement robust cyber risk mitigation strategies.

Read more...
Data resilience at VeeamON
Technews Publishing SMART Security Solutions Infrastructure Information Security
SMART Security Solutions attended the VeeamON Tour in Johannesburg in August to learn more about data resilience and Veeam’s initiatives to enhance data protection, both on-site and in the cloud.

Read more...
Troye exposes the Entra ID backup blind spot
Information Security Infrastructure
If you trust Microsoft to protect your identity, think again. Many organisations naively believe that Microsoft’s shared responsibility model covers Microsoft Entra?ID – formerly Azure AD – but it does not.

Read more...
Secure data protection without hardware lock-in
Infrastructure Information Security News & Events
New Veeam Software Appliance empowers IT teams to achieve instant protection with Veeam’s fully preconfigured, software-only appliance, delivering enterprise-ready simplified deployment and operational efficiency, robust cyber resilience.

Read more...
Check Point launches open, vendor-neutral MDR services
Information Security News & Events Products & Solutions
New Check Point MDR 360° and MXDR 360° offerings deliver 24/7 managed continuous threat monitoring protection across endpoints, cloud and network environments with built-in identity threat detection and 160+ integrations across hybrid, multi-vendor environments.

Read more...
Credential theft surges in South Africa
NEC XON Information Security
NEC XON issues a critical cybersecurity warning about the dual threat of massive credential theft and AI-powered cyberattacks sweeping across the region, with an increasing number of incidents and evolving threat tactics.

Read more...
Want effective Attack Surface Management? Think like an attacker.
Information Security
Effective ASM requires companies to think like attackers, anticipate risks, and act decisively to reduce exposure by knowing their environment, deploying a structured approach, leveraging capable tools, and addressing both internal and external risks.

Read more...
The growing role of hybrid backup
Infrastructure Information Security
As Africa’s digital economy rapidly grows, businesses across the continent are facing the challenge of securing data in an environment characterised by evolving cyberthreats, unreliable connectivity and diverse regulatory frameworks.

Read more...
POPIA non-compliance puts municipalities at risk
Information Security Government and Parastatal (Industry)
Digital responsibility must go beyond POPIA compliance to recognising that privacy and service delivery are fundamentally linked. Despite this, only 51 out of 257 municipalities submitted their mandatory data protection and access to information reports in 2024.

Read more...
Choicejacking bypasses smartphone charging security
News & Events Information Security
Choicejacking is a new cyberthreat that bypasses smartphone charging security defences to confirm, without the victim’s input or consent, that the victim wishes to connect in data-transfer mode.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.