2024, the year of Fraud-as-a-Service

Issue 1 2025 Information Security

AU10TIX released its 2024 Report on Global Identity Fraud. Drawing insights from millions of transactions processed around the globe from January to December 2024, the report uncovers significant trends in large-scale organised identity fraud. The report, titled 2024: The Year of Fraud-as-a-Service (FaaS) outlines how ‘the industry’s dark engine’ offers user-friendly fraud kits that enable amateurs to execute complex attacks against thousands of accounts in minutes.

“FaaS has elevated cybercrime, enabling a whole cohort of the population to join in on global fraud by launching large-scale attacks involving up to 8000+ incidents,” said Dan Yerushalmi, CEO of AU10TIX. “Using AI-driven tactics such as deepfake selfies and synthetic identities, organised fraudsters are testing traditional security measures like never before. Only by adopting more advanced fraud prevention techniques and multi-layered defences can businesses stay ahead of emerging threats and strengthen trust with their users.”

FaaS platforms provide all the tools, templates and automation that fraudsters need to commit widescale identity fraud, deepfakes, and cyberattacks, including:

• Deepfake generators to create synthetic selfies and videos.

• Botnets to automate mass-scale account creation and takeover.

• Phishing kits for email and web-based scams.

• Dark web marketplaces: a hub for buying stolen data.

Mega attack of 4580 unique permutations

In one instance, AU10TIX detected a single mega attack spanning four geographies (APAC, EMEA, LATAM, NA) and three industries (payments, crypto, social media). It involved 4580 unique permutations of the same ID template and had all the markings of a FaaS-enabled attack.

APAC led the pack as the epicentre of 2024’s mega attacks, taking 88% of the overall share.

Other 2024 trends

Social media became a critical battleground for fraud and misinformation in 2024, with a surge of activity related to elections, international conflicts, and other hot-button topics. Users also increasingly leveraged these platforms for e-commerce, which opened the door for fraudsters to conduct illicit activities that were once confined to payments, banking, crypto, and other fintech platforms. As a result, 30% of identity fraud attacks targeted social media in Q4, compared to a mere 3% in Q1.

As fraud increased on social media platforms, it declined in the payments sector, historically the most targeted industry. Payments saw 54% of attacks in Q1, but the number had declined to 43% by Q4 due to stricter law enforcement. Attacks against the crypto sector also decreased to 24% and stabilised following the implementation of MiCA regulations in 2023 [EU regulations that establish uniform market rules for crypto-assets – Ed.].

Key takeaways

AU10TIX’s 2024 report offers three actionable insights to help organisations protect against identity fraud:

1. Social media platforms must invest in smarter fraud detection. Enhanced selfie and fraud detection tools are necessary to protect social media engagement, ensure account authenticity, and prevent the risks posed by fake accounts.

2. Engage in transparent collaboration. Consortium validation and visual fraud simulations are powerful tools against FaaS-driven mega attacks. Organisations can leverage consortium insights to add a robust second layer of protection and risk mitigation.

3. Be proactive. Do not just react to what is happening now; prepare for what is coming next. Futureproofing means adopting AI-driven validation and multi-layer defences to combat deepfakes, synthetic identities, and emerging threats.

The report is available at https://tinyurl.com/39ahbxpu




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Cybersecurity a challenge in digitalising OT
Kaspersky Information Security Industrial (Industry)
According to a study by Kaspersky and VDC Research on securing operational technology environments, the primary risks are inadequate security measures, insufficient resources allocated to OT cybersecurity, challenges surrounding regulatory compliance, and the complexities of IT/OT integration.

Read more...
Cybersecurity in South Africa
Information Security
According to the Allianz Risk Barometer 2025, cyber incidents, including ransomware attacks, data breaches and IT outages, are now the top global business risk, marking their fourth year at the top.

Read more...
Are AI agents a game-changer?
Information Security
While AI-powered chatbots have been around for a while, AI agents go beyond simple assistants, functioning as self-learning digital operatives that plan, execute, and adapt in real time. These advancements do not just enhance cybercriminal tactics, they may fundamentally change the battlefield.

Read more...
Disaster recovery vs cyber recovery
Information Security
Disaster recovery centres on restoring IT operations following events like natural disasters, hardware failures or accidents, while cyber recovery is specifically tailored to address intentional cyberthreats such as ransomware and data breaches.

Read more...
Back-up securely and restore in seconds
Betatrac Telematic Solutions Editor's Choice Information Security Infrastructure
Betatrac has a solution that enables companies to back-up up to 8 TB of data onto a device and restore it in 30 seconds in an emergency, called Rapid Access Data Recovery (RADR).

Read more...
The rise of AI-powered cybercrime and defence
Information Security News & Events AI & Data Analytics
Check Point Software Technologies launched its inaugural AI Security Report, offering an in-depth exploration of how cybercriminals are weaponising artificial intelligence (AI), alongside strategic insights defenders need to stay ahead.

Read more...
The deepfake crisis is here and now
Information Security Training & Education
Deepfakes are a growing cybersecurity threat that blur the line between reality and fiction. These AI-generated synthetic media have evolved from technological curiosities to sophisticated weapons of digital deception, costing companies upwards of $600 000 each.

Read more...
What does Agentic AI mean for cybersecurity?
Information Security AI & Data Analytics
AI agents will change how we work by scheduling meetings on our behalf and even managing supply chain items. However, without adequate protection, they become soft targets for criminals.

Read more...
Phishing attacks through SVG image files
Kaspersky News & Events Information Security
Kaspersky has detected a new trend: attackers are distributing phishing emails to individual and corporate users with attachments in SVG (Scalable Vector Graphics) files, a format commonly used for storing images.

Read more...