Blog

What 22,000 Fraud & Cyber Crime Operator Signals Reveal About the State of Bank Attacks

Boaz Valkin — Tue, 28 Apr 2026 05:10:14 GMT

On Telegram channels and dark web forums, operators trade phishing kits like SaaS subscriptions, sell stolen identities by the bundle, and rent OTP-bot platforms by the hour. What used to require skill, infrastructure, and patience is now a checkout flow. The barrier to running a sophisticated scam against a major bank has collapsed to a few hundred dollars and a willing buyer with some free time. We’ve spent time inside these operator networks and wanted to share a snapshot of what we saw over the past 6 weeks.

Where the signal comes from

FALKIN monitors the infrastructure that fraud operators use to organise their work. We watch channels where phishing kits are sold and rooms where OTP bots relay live SMS codes in seconds. We’re also in forums where stealer logs, card dumps and identity bundles trade hands.

Over the last six weeks, FALKIN has collected 22,661 bank-tagged signals across Telegram channels, dark web forums, and live attack infrastructure. Each signal represents a discrete, classified operator action:

a phishing kit listed for sale,
a stealer log posted with bank-specific customer data,
an OTP bot active against a named institution, or
a fullz bundle advertised with routing details.

Signals were classified by typology and attributed to operator region where confidence was high enough to assign. The numbers below reflect what operators were doing, not just what they were advertising

What operators are actually trading

Of the 22,000 signals, account takeover and credential harvesting is by far the largest category, at 69.2% of classified signals. OTP interception sits in second place at 17.3%. Card and CVV trade accounts for 7.3%, identity theft and fullz 5.1% and APP mule infrastructure 1.1%. (Definitions at end of article)

This breakdown is a direct reflection of where operators are spending most of their collaborative efforts based on the financial opportunity. The overwhelming majority of the visible trade is in stolen credentials and the live interception of authentication codes that are meant to protect the credentials.

Overall typology distribution across 22,661 bank-tagged signals collected in March 2026.

US, UK, and Neobanks are attacked differently

As you unpack the data, you see that the attack vectors across markets are structurally different and therefore the defence strategies should not be copy-pasted across segments.

US banks are credential-dominated. Account takeover and credentials account for roughly 72% of classified US signals, with OTP interception a significant secondary vector at 19%. US banks remain heavily exposed because SMS OTP is still the dominant second factor, and real-time phishing panels and OTP-bot-as-a-service platforms have industrialised the interception of those codes.

The defensive implication is equally direct. Continuing to rely on SMS OTP as a second factor while OTP-bot-as-a-service platforms operate at industrial scale is not a neutral choice, it's an active subsidy to the attack. The path forward is device-bound authentication, the same transition UK banking has already made. The US market knows this. The gap is execution speed.

UK banks are identity-dominated. The UK picture is the most strategically interesting finding in this dataset, and the most underappreciated risk in the market. Identity theft and fullz is the single largest UK typology at 57% of classified signals, with account takeover at 27% and card trade at 16%. UK banking has largely solved the OTP problem with device-bound authentication and biometric second factors have made SMS interception nearly unviable, which is why OTP signals in the UK dataset are effectively zero.

But operators don't retire. They adapt. When you remove the second factor as an attack surface, the fraud pressure migrates upstream to the first factor: identity itself. Synthetic identity construction, blending a genuine ID from a low-activity victim (a child, an elderly person, a recent immigrant) with fabricated supporting details is now the primary UK operator investment. The goal is fraudulent account opening: passing KYC not by stealing access to an existing account, but by manufacturing a convincing new person.

The defensive implication is direct. If your institution has invested heavily in authentication security and seen credential-based fraud fall, don't read that as a solved problem. Read it as displacement. The attack surface didn't disappear, it moved to onboarding.

Neobanks are card-heavy. Card and CVV trade is the top neobank typology at 46%, with credentials at 41% and identity at 13%. The OTP signal that shows up in the neobank surface is payment-authorisation SMS codes intercepted via malware on compromised devices, which is a card fraud vector rather than an account takeover vector.

The defensive implication here is about card controls and compromise velocity, not authentication. Neobanks with real-time card freeze, granular merchant controls, and low-friction dispute flows are compressing the window between compromise and cashout. Those without are absorbing losses that are structurally preventable.

Same underlying fraud economy, three very different attack profiles.

Looking to contribute to collaborative anti-scam initiatives? GASA Working Groups bring members together to develop practical, real-world solutions.

Operator geography is specialised

Different operator regions specialise in different attack patterns, and each region’s specialism tells you something about how that ecosystem evolved.

West African operators are social engineering and OTP specialists. Account takeover and OTP interception make up roughly 80% of their combined activity. OTP interception requires live English-language phone calls impersonating bank fraud teams, and this region has that capability at scale.

Russia/CIS operators are infrastructure vendors. Their activity clusters around card and CVV trade (61%) and credential marketplaces (28%). These operators function primarily as wholesalers, selling stealer logs, phishing kits, and card bundles to downstream operators globally. Direct victim-interaction activity is markedly lower.

South East Asian operators run the most diversified mix. Card trade, credentials, OTP interception, APP mule infrastructure, and a notable crypto drainer presence all appear at meaningful share. This reflects the rise of scam compound operations in Myanmar, Cambodia, and Laos, where trafficked workers run multi-typology fraud under coercion.

Put differently: the operator region your institution is facing is a function of what kind of attack surface you expose. A bank fighting OTP-bot pressure is likely looking at West African threat actor infrastructure. A bank seeing coordinated card trade is almost certainly looking at Russia/CIS. A fintech with a mixed threat profile is likely in the South East Asian crosshairs.

Each operator region has a distinct specialism that reflects how that ecosystem evolved.

Why this is a growing problem for banks

For the last decade, the industry has spent its fraud budget in two places: the device layer (fingerprinting, device trust, malware signals) and the transaction layer (rules engines, anomaly detection). These are necessary. They are also increasingly insufficient as AI has changed the unit economics of running scams and the technical bar to do so. The layer that's now most exposed is the one that sits between the device and the transaction: the human.

The change we're observing in operator channels isn't primarily about volume, it’s about the collapse of the skill floor. The volume numbers are already striking: since ChatGPT launched, malicious phishing volume has surged by over 4,000% (SlashNext, 2024). But that statistic understates the real shift. A year ago, running a convincing English-language OTP-bot call against a US bank customer required an operator who could improvise, handle objections, and hold a plausible conversation under pressure. That's a scarce human skill.

Today, the call script is AI-generated, the voice is cloned from a short public audio sample for under $20 a month, and the objection handling is templated. The operator on the other end of that call can be anywhere in the world and barely speaks English. Adversary-in-the-middle attacks that once required specialist infrastructure can now be assembled in an afternoon with a cloned replica website, a Telegram channel for live coordination, and a voice bot handling the call. The attack surface this exposes isn't the device or the transaction. It's the phone call itself. Banks that still engage customers primarily via inbound and outbound calls, rather than authenticated in-app communication, are handing operators a channel they can't secure. We're not citing external statistics here, we're describing what we watched being built and sold in the channels we monitor. The infrastructure for AI-assisted social engineering is now a commodity product in the same marketplaces where phishing kits and stealer logs trade.

Why we publish this

The operators in this dataset don't work in isolation. The West African OTP specialist buys his phishing kit from a Russia/CIS vendor. The South East Asian compound worker runs scripts built by someone else entirely. The fraud economy is integrated and the supply chain is functional.

The defensive side is not. Banks share fraud data bilaterally when they have to, rarely proactively, and almost never across institution types. A neobank absorbing card fraud pressure from the same operator network hitting a high-street bank has no mechanism to know that.

That's the gap this report is trying to close, one month at a time. If you want to see how your institution appears in the operator signals we're monitoring, get in touch at partner@falkin.com

You can read the full March 2026 Trends report below.

About the Author

Boaz is CEO and Co-Founder of FALKIN, an embedded digital safety company working with banks and other financial institutions to stop scams before they happen. FALKIN combines threat intelligence and AI to offer a variety of customer facing prevention products.

Typology definitions

For reference, the seven categories used across the report are defined below.

TYPOLOGY	DEFINITION
Account Takeover & Credentials	Phishing kits, scam pages, harvested logins, browser cookies, and stealer-malware output (Redline, Lumma, Vidar, Raccoon). Also includes smishing infrastructure. The largest single category across the dataset.
OTP Interception	Two primary vectors. (1) Voice bots: Telegram-controlled bots that call victims impersonating bank fraud teams to extract live SMS one-time passcodes. (2) Real-time phishing panels: victim enters OTP on a scam page, operator replays it to complete the session hijack in seconds. Both target SMS-based second factors during active authentication flows.
Card & CVV Trade	Stolen card data (PAN + CVV), BIN lookups, and 3DS challenger tools used for high-value merchant abuse.
Identity Theft & Fullz	Complete real identity bundles (name, DOB, SSN or NIN, address, mother’s maiden name, sort code) used for two primary purposes: (1) fraudulent account opening, impersonating a real person to pass KYC, and (2) KBA bypass, answering knowledge-based authentication challenges to recover or take over existing accounts. Also includes synthetic identities: fabricated profiles blending real data (a genuine SSN from a child, elderly, or immigrant victim) with fictional details, engineered to pass automated KYC at banks and fintechs.
APP Fraud & Mules	Authorised Push Payment cashout layer: drop accounts, mule recruitment, and beneficiary routing infrastructure.
Business Email Compromise	Employee phishing, payroll diversion, W-2 theft, and executive impersonation infrastructure.
Crypto Drainers	Wallet draining kits, seed-phrase harvesting, and approval-exploit infrastructure targeting retail crypto holders.

A note on coverage Investment, purchase, and romance scams feature minimally in this dataset. These are heavy APP fraud use cases, but they rely on long-form one-to-one victim grooming and operate primarily through social media, messaging apps, and scam compound operations, outside the commodity-tooling marketplaces that form our collection surface. Their absence here is a collection-surface artefact, not evidence of low prevalence.

Reinventing Fraud Detection Through Digital Fingerprinting and Link Analysis

Global Anti-Scam Alliance (GASA) — Tue, 21 Apr 2026 03:21:20 GMT

Fraud detection systems are designed to assess risk at the level of individual transactions or accounts. However, this approach is becoming less effective as fraud becomes more complex.

Fraud is often spread across multiple accounts, devices, and interactions rather than appearing as a single event, making it difficult for traditional detection models to capture this kind of activity.

A white paper from Microsoft, Reinventing Link Analysis: How Digital Fingerprinting and LLMs Are Transforming Enterprise Fraud Detection, authored by Akhil Singhal and Sadhana Viswanathan, explores how combining digital fingerprinting with link analysis can shift fraud detection from isolated events to network intelligence across systems.

From Isolated Detection to Network Intelligence

Traditional approaches work well for known patterns, but are less effective when fraud is distributed across multiple entities.

This has led to a shift towards network intelligence, where relationships between entities are analysed to uncover hidden connections. Rather than asking whether a single transaction is fraudulent, this approach focuses on how multiple interactions relate to one another across time and systems.

Identifying the User Behind Fraud Activity

A central component of this approach is digital fingerprinting, which creates a probabilistic representation of a user based on device, network, and behavioural signals.

These signals can include device characteristics, IP attributes, environmental configurations, and interaction patterns. By analysing how a user behaves, rather than relying solely on static identifiers, organisations can move closer to identifying the individual operating the system.

Identifying the “user at the keyboard” enables more accurate classification of risk, particularly in cases where fraudsters rotate accounts or reuse infrastructure to evade detection.

Connecting Fraud Through Link Analysis

Once suspicious activity is identified, link analysis is used to uncover relationships across historical and real-time data.

By connecting shared attributes such as device identifiers, login credentials, IP addresses, and behavioural patterns, systems can construct a network of related entities. This allows organisations to identify not only the initial fraud signal but also other accounts and transactions that may be connected.

This approach supports earlier detection by enabling organisations to reassess previously approved activity and prevent further abuse. It also shifts detection from identifying individual events to exposing broader fraud networks.

Looking to contribute to collaborative anti-scam initiatives? GASA Working Groups bring members together to develop practical, real-world solutions.

The Role of LLMs in Detection

The paper also outlines how LLMs can enhance link analysis by introducing a reasoning layer on top of traditional rule-based systems.

Instead of relying solely on predefined rules, LLMs can interpret patterns across complex datasets, identifying relationships that may not be captured through static logic. This allows detection systems to adapt more effectively to evolving fraud behaviours while reducing the need for continuous manual rule updates.

Importantly, this layer operates alongside existing controls, supporting decision-making while maintaining governance and oversight.

What This Changes for Fraud Prevention

Together, digital fingerprinting and link analysis enable a shift from reactive detection to preventive disruption of fraud activity.

By identifying connections across users, devices, and transactions, organisations can detect coordinated behaviour earlier and respond at scale.

This approach also delivers clear operational benefits:

Higher fraud coverage by detecting coordinated networks
Reduced false positives through probabilistic fingerprinting
Faster response through automated linkage and blocking
Greater scalability across large datasets
Improved explainability through connected fraud relationships

Network-level intelligence offers a more resilient model for detecting and disrupting organised fraud.

From Detection to Disruption

The approach outlined in the paper reflects a broader transition in fraud prevention, where detection is no longer limited to individual events but extends to understanding how activity is connected across systems.

This allows organisations to act earlier and more consistently, addressing fraud patterns before they scale.

The full white paper explores these concepts in greater detail, including the underlying architecture and practical considerations for implementation.

Sign up for the GASA newsletter to receive regular updates on scam prevention, research, and best practices.

On the Frontlines: Fighting AI-Powered Scams & Fraud

Global Anti-Scam Alliance (GASA) — Mon, 20 Apr 2026 05:05:57 GMT

Date of Event: 14 April 2026
Event: GASA Meet-Up

Scammers are rapidly adopting artificial intelligence to scale and refine their operations, making fraud more convincing, targeted, and difficult to detect. While much of the public conversation focuses on deepfakes, the reality is far broader. This GASA meet-up explored how AI is being actively used across the scam ecosystem, and what organisations can do to stay ahead of these evolving threats.

The session brought together experts from leading technology companies and research organisations to share frontline insights. Drawing on real-world intelligence from platforms and investigations, the discussion focused on how fraudsters are operationalising AI today, and how the same technologies can be leveraged to strengthen detection, prevention, and response.

Speakers

Dora Cheng, Principal Product Manager – Microsoft
Jack Stubbs, Intelligence & Investigations – OpenAI
Aparajitha Vadlamannati, Public Policy Manager, Search Quality – Google
Mollie Zapata, Senior Director of Analysis – C4ADS
Jorij Abraham, Managing Director – Global Anti-Scam Alliance (Moderator)

At the same time, the panel underscored that AI is also a critical part of the solution. Advanced detection systems, behavioural analysis, and cross-platform intelligence sharing are already helping organisations disrupt fraud networks more effectively. However, no single organisation can address this challenge alone. Collaboration between technology companies, governments, and industry stakeholders remains essential to counter increasingly sophisticated scam operations.

The session reinforced a central theme: as scammers continue to operate like coordinated global networks, defenders must do the same. By combining intelligence, technology, and shared expertise, organisations can build stronger, more adaptive defences against AI-driven fraud.

Watch the full discussion below to learn how organisations are tackling AI-powered scams on the frontlines.

Telecoms on the Front Line: GASA at the Stimson Center Dialogue on Combating Scams

Global Anti-Scam Alliance (GASA) — Tue, 14 Apr 2026 03:31:53 GMT

Last week at the Stimson Center, leaders from across the telecom, technology, and policy communities gathered to continue to address the hard truth: scams are no longer a fringe cybercrime issue—they are a systemic, global threat embedded in the communications infrastructure we all rely on.

In opening remarks at the Dialogue on Disrupting Scams in the Telecoms Sector, Global Anti-Scam Alliance (GASA) North America Chapter Director Nils Mueller grounded the conversation in data. The numbers are staggering: more than half of adults globally report experiencing a scam in the past year, with estimated annual losses between $442 billion and $1 trillion.

But beyond the scale of the problem, emphasized something even more urgent: if we are going to protect consumers effectively, we have to stop more scams where they begin.

Scams don’t start with a bank transfer.
They don’t start on a crypto exchange.

They start with a message. A phone call, a text message, an email. An unexpected point of contact that feels just real enough to engage.

According to GASA’s Global State of Scams 2025 Report, telecommunications channels—voice and SMS in particular—remain a predominant “front door” for scams.

A Critical Intervention Point

This reality places telecommunications providers on the front lines of scam prevention. As Mueller noted at the event, stopping scams at the point of contact - before a victim is ever engaged - represents one of the most effective ways to reduce harm at scale.

Panelists at the Stimson Dialogue made it clear that progress is happening:

Industry efforts are advancing. Josh Bercu shared insights from the Industry Traceback Group’s work to improve call authentication frameworks and traceback initiatives to identify and shut down bad actors.
Technology innovation is accelerating. Eugene Liderman demonstrated how Google is already using AI to detect, flag, and intervene effectively with Android phone users during scam calls and texts in real time.
Public-private collaboration is proving effective. Hubert Han shared how public-private partnerships have strengthened telecom security and raised consumer awareness in Singapore.

The Work Ahead

Despite these advances, speakers were clear: much more remains to be done.

Scammers continue to exploit gaps across jurisdictions, technologies, and regulatory frameworks. The increasing use of AI by bad actors is also raising the stakes, enabling more convincing impersonation and faster iteration of scam tactics.

To keep pace, participants emphasized that we need to continue advancing our strategies and improving our tools to:

Detect and block spoofed or suspicious communications before they ever reach a consumer
Deploy real-time analytics to identify scams in progress
Strengthen onboarding and due diligence to prevent bad actors from exploiting networks
Share intelligence across borders and sectors to disrupt scam operations at scale

The Path Forward: Shared Responsibility

The conversation at the Stimson Center made one thing clear: no single actor can solve this alone. But collective action is both possible—and urgent.

GASA’s research shows that, as AI helps criminals to create increasingly believable scam communications, consumers are looking to their providers and institutions to better protect them against scams.

Telecom providers have a unique and powerful opportunity to act as a first line of defense. But as the Stimson Center dialogue made clear, meaningful progress will depend on aligning innovation, policy, and industry action. By working together across sectors and borders, stakeholders can significantly reduce the volume of scam attempts—and the harm they cause.

Through its research, thought leadership, and network convenings, GASA continues to work to promote what’s needed:

Expanded adoption of existing best practices, e.g. call authentication, network-level blocking, and real-time detection
Continued investment in innovation, including AI-driven defenses that can match the scale and sophistication of modern scams
Outcome-oriented cross-sector collaboration between telecom providers, technology companies, financial institutions, civil society organizations, and governments
Greater global coordination, particularly to address cross-border scam operations

What can you do? Connect with our team if you’re interested in getting involved and being part of the solution.

The GASA North America Chapter brings together several leading organizations across the region to address scams and fraud. Learn more about the chapter and membership.

GASA will continue to build on these discussions through its global convenings, bringing together leaders across sectors to drive coordinated action against scams.

Global Anti-Scam Summit Europe 2026
9–10 June 2026
Convento do Beato, Lisbon, Portugal

Global Anti-Scam Summit America 2026
2–3 September 2026
Pier 48, San Francisco, California

Global Anti-Scam Summit Asia 2026
10–11 November 2026
Pullman Bangkok King Power, Bangkok, Thailand

What Really Works in Preventing Fraud Against Older Adults? Insights from Frontline Practitioners

mark.button@port.ac.uk (Prof. Mark Button) — Tue, 07 Apr 2026 04:34:41 GMT

Fraud has quietly become the UK’s most common crime, now making up nearly 40% of all offences. And while people of all ages are targeted, older adults face some of the most severe consequences — losing more money, suffering greater emotional distress, and often receiving the least support. Yet despite the scale of the problem, there is still surprisingly little solid evidence about what truly works to prevent scams.

A recent study, Practitioner Perspectives on What Works in Preventing Fraud Against Older Adults, set out to bridge that gap by asking the people closest to the issue – fraud prevention experts, police officers, NGOs, financial professionals, and government specialists – what they believe is most effective in protecting older adults. Drawing on interviews with 17 practitioners and survey responses from over 300 professionals, the study offers a rare, practice-based insight into what works, what doesn’t, and where efforts should shift.

The findings show that while fraud prevention is complex, certain strategies stand out as consistently effective.

1. Tech That Blocks Scammers Before They Reach the Door

One message came through loud and clear: technology that disrupts scammer communication works.

Tools like spam detectors, call‑blocking apps, and real‑time banking alerts were viewed as some of the most effective ways to prevent fraud. These tools intervene early — often before an older adult even realises a scam attempt has occurred.

Practitioners noted that:

Real‑time transaction alerts help people spot unexpected withdrawals or suspicious activity.
Call‑blocking tools reduce exposure to phone‑based scams, which remain a key method used against older adults.
Mobile apps that combine multiple features — such as scam call blocking, malware detection, and transaction monitoring — are becoming especially valuable.

The benefit of these tools is simple: they reduce the need for individuals to evaluate whether a message, call, or alert is genuine. In a landscape where scams look increasingly convincing, this barrier is essential.

2. Education Works — But Only When It’s Specific

Mass advertising campaigns and generic warnings don’t significantly reduce fraud. Practitioners overwhelmingly agreed that education only works when it’s highly targeted.

The most effective approaches include:

Personalised, one‑to‑one training
Alerts tailored specifically for older adults
Campaigns focused on emerging scam types
Community‑based talks where people can ask questions and share experiences

What doesn’t work?

Broad “be aware of scams” campaigns, phishing tests that shame participants, and generic websites that overwhelm with information.

Crucially, older adults respond best when the messenger is someone they trust — family members, community organisations, police, or dedicated NGOs.

Looking to contribute to collaborative anti-scam initiatives? GASA Working Groups bring members together to develop practical, real-world solutions.

3. Banks and Care Professionals Are on the Front Line

The single most effective fraud‑prevention method identified in the study was intervention by trained bank staff. When employees recognise the signs of active fraud — a rushed transfer, unusual behaviour, a distressed customer — they can step in and prevent losses.

Similarly, care professionals, from nurses to social workers, often spot early warning signs that family or friends might miss. Their intervention can stop fraud in its early stages, especially in cases of long‑running scams or coercion.

Data analytics, account‑level risk flags, and behaviour‑based alerts further strengthen banks’ ability to detect suspicious transactions before they escalate.

4. Partnerships Are Powerful — But Not Yet Visible

Practitioners strongly support national and local partnerships across police, NGOs, banks, and tech companies. Yet surprisingly, most said they weren’t aware of existing collaborations.

The desire for coordinated, well‑funded, visible partnerships is clear. Professionals want structured networks where:

New technology can be tested and rolled out
Community support can be scaled
Public awareness campaigns can align
Innovations can be evaluated and shared

Without coordination, promising approaches remain isolated and underused.

Why This Matters

Fraud is evolving quickly, and older adults are increasingly exposed as they use more digital services. While there is still a lack of rigorous scientific trials, insights from those on the ground offer valuable direction.

This research suggests the future of effective fraud prevention lies in:
Smarter technology that blocks scams automatically
Personalised, trusted education
Strong intervention roles for banks and care professionals
Better‑coordinated nationwide partnerships

And while more high‑quality evaluation is badly needed, these practitioner insights offer a meaningful starting point — evidence‑informed strategies that can be put into practice now to help protect older adults from one of today’s most pervasive crimes.

The full article can be read at Button, M., Karagiannopoulos, V., Shepherd, D., Kirby, A., Lee, J., Suh, J. B., ... & Koh, C. S. (2026). Practitioner Perspectives on What Works in Preventing Fraud Against Older Adults. Journal of Economic Criminology, 100213. https://www.sciencedirect.com/science/article/pii/S2949791426000084

Sign up for the GASA newsletter to receive regular updates on scam prevention, research, and best practices.

About the Author

Professor Mark Button is Professor of Criminology and Director of the Centre for Cybercrime and Economic Crime at the University of Portsmouth. His work focuses on fraud, cybercrime, and economic crime prevention, with a particular interest in the role of non-state actors in policing and security.

Brazil’s BC Protege+ Blocks Fake Bank Accounts Before They Can Be Opened

james.greening@gasa.org (James Greening) — Tue, 31 Mar 2026 07:00:00 GMT

Financial institutions are facing increasing exposure to identity-based account fraud, particularly where onboarding relies on remote verification. Stolen documents, synthetic identities and manipulated facial data are being used to open accounts without the knowledge of the individual concerned. Biometric checks alone are not always sufficient when identity data has already been compromised.

In response to this risk, the Central Bank of Brazil introduced BC Protege+. The tool allows individuals to proactively block the opening of new bank accounts in their name across the financial system, adding a preventive layer to existing onboarding controls.

Within its first month of operation, the Central Bank reported that more than 111,000 attempted fraudulent account openings were prevented. As of February 2026, the BC Protege+ service has reached 1 million activations.

Why Identity-Based Account Fraud Requires Structural Controls

Account opening fraud is not limited to isolated incidents. Once identity data is compromised, it can be reused across multiple institutions, allowing fraudulent accounts to be created at scale.

International cases have shown how deepfake technology can be used to bypass selfie and biometric onboarding systems. In one case in Amsterdam, a man used deepfake images of his own face together with stolen identity documents to open 46 bank accounts. Once opened, these accounts may be used for money mule activity, laundering scam proceeds or facilitating further fraud.

These patterns expose a structural weakness. Once identity data has been compromised, the only point at which fraud can be stopped is during onboarding. If manipulation is not detected at that moment, an account can still be opened in the victim’s name.

How BC Protege+ Works

BC Protege+ introduces a system-wide restriction mechanism managed centrally by the Central Bank.

Through the official portal, individuals and businesses can:

Log in using their government digital identity credentials
Activate a block on new current and savings account openings
Review a history of activations and deactivations
See which financial institutions have consulted their status

Once activated, the restriction is automatically communicated to participating financial institutions. The block remains in place until the individual chooses to deactivate it.

The service is free and can be activated or cancelled at any time by the user.

This model shifts part of fraud prevention upstream. Rather than relying solely on institutions to detect manipulation during onboarding, it enables individuals to stop fraudulent account creation before an application succeeds.

A Model With Replication Potential

BC Protege+ reflects a broader evolution in fraud prevention design. Rather than relying exclusively on biometric detection or institutional monitoring, it introduces a shared-responsibility model in which individuals can activate a recognised protective status across the banking system.

This approach changes the risk model in several ways:

It creates an upstream barrier before fraudulent accounts are created
It reduces reliance on biometric-only onboarding controls
It limits the supply of mule accounts used to receive scam proceeds
It formalises coordination between central authorities and financial institutions

For jurisdictions facing rising identity fraud or AI-enabled impersonation, a centrally managed blocking mechanism offers a structural complement to Know Your Customer and biometric safeguards.

Implementation will depend on national legal frameworks, digital identity infrastructure and institutional coordination. However, the Brazilian model demonstrates that preventive identity controls can be embedded at system level rather than applied institution by institution.

Looking to contribute to collaborative anti-scam initiatives? GASA Working Groups bring members together to develop practical, real-world solutions.

What This Development Demonstrates

BC Protege+ illustrates how central authorities can introduce preventive mechanisms that reduce fraud opportunities before harm occurs. By enabling individuals and businesses to activate a system-wide restriction, the model shifts part of identity protection upstream and distributes responsibility across the financial ecosystem.

As identity misuse becomes more sophisticated, structural controls that operate across institutions may become increasingly relevant. Brazil’s approach demonstrates how preventive design can strengthen financial integrity without relying solely on post-incident enforcement.

About the Author

James Greening is a Digital Content Manager at the Global Anti-Scam Alliance (GASA), where he writes on cyber-enabled fraud and developments in the global fight against online scams. He previously founded Fake Website Buster, a project dedicated to identifying and raising awareness of fraudulent websites.

From Vienna to Global Action: Key Takeaways from the UN Global Fraud Summit

Global Anti-Scam Alliance (GASA) — Fri, 27 Mar 2026 07:26:19 GMT

Date of Event: 16 -17 March 2026
Event: Global Fraud Summit

On March 16–17, global leaders convened in Vienna for the UN Global Fraud Summit, hosted by UNODC, where GASA was proud to serve as a key supporter. With over 1,300 participants from more than 100 countries, spanning government, law enforcement, financial services, technology, and international organizations, one message was unmistakable: Fraud is global, organized, and accelerating. Likewise, our response must be ever more coordinated, connected, and operational. A strong Call to Arms agreed at the summit demonstrates that fraud is now embedded as a key international security and organized crime priority, and our efforts need to reflect that.

Across plenaries, expert panels, and working sessions, the summit focused on advancing public-private partnerships in action, strengthening global coordination, and moving from dialogue to implementation.

As the Global Anti-Scam Alliance (GASA) aims to bringing together actors from public and private sectors, across jurisdictions and industries, we were proud to contribute to these discussions. The next stage is now to actively work out how to deliver on these priorities at our upcoming Global Anti-Scam Summits in Lisbon (June), San Francisco (September), and Bangkok (November).

Public-private partnership in action

A central theme throughout the summit was the urgent need to move beyond siloed efforts. Fraud networks operate seamlessly across borders, sectors, and modalities. Yet, our defenses remain fragmented, often inhibited by jurisdictional, legal, and operational barriers.

The Summit featured over 53 side-events which reinforced that the next phase of anti-fraud efforts must be built on true public-private collaboration, not just as a concept but as a live operational model. This was reflected in a highly ambitious world-first, a Global Public Private Partnership on Fraud, which includes principles of joint action, including:

Shared responsibility for tackling fraud
Proactive and coordinated prevention
Joint intelligence and data sharing between industry and law enforcement
Stronger victim support frameworks
Education for public and businesses
A strong focus on innovation and adaptability in the face of an ever-changing threat

Where data is increasingly collected and shared between public and private sectors, for example through the Global Signal Exchange, it is becoming imperative to shift our mindset from data sharing to data activation. As Chris Compton from Microsoft captured succinctly:

We must start turning insights into measurable disruption.

From frameworks to real-world action

Beyond strategy, the summit highlighted tangible examples of what effective government and law enforcement collaboration looks like in practice. A standout case was Nigeria’s Joint Case Team on Cybercrime (JCTC), an inter-agency model bringing together:

Law enforcement
Financial intelligence units
Prosecutors
The judiciary

This integrated approach, similar to the concept of national anti-scam centers, significantly accelerates investigations and case handling, demonstrating how breaking down institutional silos leads directly to operational impact. Additionally, these centres can then bring international partners on board to have much more effective global operations to target the ringleaders of fraud gangs.

These models signal a shift from fragmented response to coordinated systems-level defense; which is becoming ever more instrumental in the fight against scams.

The rise of AI-driven scams

Another urgent theme across multiple sessions: the rapid evolution of AI-enabled fraud. We are no longer preparing for this shift, we are already in it. AI-driven scams are:

More convincing (e.g. with deepfakes)
More scalable (e.g. the rapid onset of agentic AI)
Significantly more effective (with success rates reportedly 4–5x higher than traditional scams, according to INTERPOL’s latest research)
Easier to coordinate and more difficult to disrupt

This creates a dual reality:

A rapidly escalating threat landscape
A powerful opportunity to deploy AI defensively

Tools like our recently launched Scam.org demonstrate how AI can be used to educate, support victims, and strengthen prevention at scale. The key question moving forward is not whether AI will shape fraud... but who will use it more effectively.

What’s next: from Vienna to Lisbon and beyond

The conversations in Vienna marked a significant step forward, but they are only the beginning. At GASA, we are committed to turning these insights into concrete, coordinated action.

This continues at our upcoming Global Anti-Scam Summits, in Lisbon (June), San Francisco (September), and Bangkok (November). These summits are where strategy meets execution, and where the global community comes together to turn collaboration into impact.

If Vienna made one thing clear, it’s this: The fight against scams will not be won in isolation. It will be won through coordinated, global action. And the time to act is now.

Explore our upcoming events & webinars to continue the conversation, or browse past sessions for deeper insights into evolving scam threats.

League of Protectors: Women Fighting Against Scams

Global Anti-Scam Alliance (GASA) — Wed, 25 Mar 2026 10:36:44 GMT

Date of Event: 25 March 2026
Event: GASA Meet-Up

Scams are no longer isolated incidents. They are fast, organized, emotionally manipulative, and increasingly designed to exploit trust at scale. And for many women, the impact goes far beyond financial loss; affecting confidence, safety, and peace of mind.

That was the focus of League of Protectors: Women Fighting Against Scams, GASA’s International Women’s Month webinar, which brought together women leaders from telecom, payments, cybersecurity, policy, and civil society to examine how scams are targeting women, and what it will take to stop them.

Speakers:

Patricia Eromosele, Director – Africa Chapter, Global Anti-Scam Alliance (Moderator)
Erica Okibe, Executive Secretary – Ndukwe Kalu Foundation (NKF)
Irish Salandanan-Almeida, Chief Privacy Officer and Vice President for Digital Policy – Globe Telecom
Mel Migrino, Country General Manager / Southeast Asia Regional Director – Information Security, Gogolook; Chairperson and President and Chief Executive Officer – WiSAP (Women in Security Alliance Philippines)
Reski Damayanti, Chief Legal & Regulatory Officer – Indosat Ooredoo Hutchison
Stella Uchenna, Vice President – Women in CyberSecurity (WiCyS) Nigeria Affiliate
Wanjing Ji, VP, AP Payment Ecosystem Risk – Visa

Women are already doing many of the right things

Patricia opened with insights from GASA’s 2025 gender data, which shows that women are more likely than men to adopt protective behaviors that reduce scam risk. Women are more likely to verify suspicious offers with friends and family and more likely to read reviews before acting. Those behaviors matter: women experience fewer scams overall than men and are less likely to lose money when targeted.

But the same data also reveals a troubling gap. Women report lower confidence in recognizing scams, higher stress after being targeted, and are less likely to report scams to authorities. In other words, women are often taking the right steps, yet still carrying a heavier emotional burden.

The same scam patterns are showing up across regions

From Indonesia, Reski Damayanti pointed to three major threats affecting women: romance scams, investment scams, and online shopping scams. She noted that in Indonesia, around 60% of love scam victims are women, while low financial literacy and economic pressure make fraudulent investment offers especially dangerous.

From the payments side, VISA’s Wanjing Ji described how romance and connection-based scams continue to surface across Visa’s network. She shared the example of a fake dating scam operation in which bots built emotional trust, encouraged small payments, and then stole payment details for repeated unauthorized charges. Her warning was clear: scam operations are becoming increasingly industrialized.

That same pattern was echoed by Uchenna Stella Emeka-Obi, who described how romance and investment scams exploit social pressure, emotional urgency, and silence. In her view, shame and victim-blaming still prevent too many women from speaking up, allowing scams to spread quietly through communities.

Behind every scam is a human story

Some of the strongest moments came from the speakers’ personal stories.

Irish Salandanan-Almeida shared how she almost became a victim herself after receiving alerts that her credit card was being used fraudulently. Because she acted quickly and reported it immediately, the bank was able to reverse the charges. Her story reinforced a simple but powerful lesson: awareness and fast action matter.

Mel Migriño recounted meeting a woman at a resort in the Philippines who had paid around 26,000 pesos for a fake hotel booking arranged through convincing brochures and false promotions. The financial loss was serious, but the emotional impact was even greater: the scam disrupted a family celebration, and drained money meant for essential needs.

Erika Okibe shared a similar story of nearly sending money to someone impersonating her uncle in a family WhatsApp group. The message created urgency around a sick relative, and only a pause to verify stopped the scam in time. Her takeaway was one many speakers repeated: scammers are highly effective at using emotion, urgency, and familiarity to lower people’s guard.

Why cross-border collaboration can’t wait

Again and again, the panel returned to the same conclusion: no single sector can solve scams alone.

Reski described a fragmented system in which responsibility is passed between telecoms, banks, and law enforcement while scammers move money and infrastructure across borders. Wanjing stressed that inconsistent rules around data sharing are creating dangerous visibility gaps. If suspicious domains, spoofed identities, fraudulent merchant patterns, and other impersonation signals were shared earlier across platforms, telecoms, financial institutions, and regulators, intervention could happen much faster.

That need for trusted, standardized cross-border intelligence sharing emerged as one of the clearest calls to action from the session.

Awareness must lead to action

The webinar also made clear that technology alone is not enough. Public education, community awareness, and practical digital literacy remain some of the strongest defenses.

Irish highlighted Globe’s work on digital literacy for both young people and seniors. Uchenna boiled her advice down to three simple words: pause, verify, report. Erika called for more advocacy and more spaces where women feel safe to speak openly about their experiences.

Closing the session, Intan Faradila reminded participants that scams are not just technical attacks, they exploit stress, trust, and moments of vulnerability. She also highlighted the ASEAN Foundation’s SCAM Ready program, supported by Google, which aims to equip 3 million people with the knowledge and confidence to recognize and respond to scams.

From discussion to collective action

The session ended with a series of pledges: stronger education, stronger partnerships, and stronger protections across the ecosystem. Together, they reflected the webinar’s core message: women are already leading in scam prevention, but systems must do more to support them.

Scams are evolving fast. Our response must evolve faster, and it must be collaborative, practical, and global.

When women are informed, supported, and heard, the impact extends far beyond the individual. It strengthens families, communities, and the wider fight against scams.

Watch the full discussion to learn how women leaders are driving global efforts to combat scams.

Explore our upcoming webinars to continue the conversation, or browse past sessions for deeper insights into evolving scam threats.

The Real Gap in Fraud Defense Is Strategy, Not AI

Brian D. Hanley — Tue, 24 Mar 2026 07:00:39 GMT

Fraud and scams are out of control. Everyone knows it. Attempts are up, losses are up, and complexity is up. And the standard response has been predictable – fight deception with better detection. Enter AI, faster models, and myriad “solutions”. Yet outcomes keep getting worse.

That is because we are fighting a strategic problem with tactical tools. Across the ecosystem, governments, platforms, banks, telcos, and exchanges are deploying AI-driven fraud detection at scale. Each organization is doing what it can within its own mandate, budget, and risk appetite. On paper, this looks like progress. In practice, it is a fragmented arms race.

Scammers are winning this asymmetric war, exploiting the seams across channels and jurisdictions, and rapidly adopting cheap AI tools openly available for as little as $25. GenAI has dramatically changed the fraud landscape, not just in volume, but in sophistication and conversion. Scams now feel personal and much more persistent, with conversations adapting in real time. AI removes barriers at the moment when trust matters most. Voice cloning and video deepfakes shatter our normal skepticism, moving scam victims from first contact to irreversible action in a matter of hours, not days, thereby shrinking the window for intervention.

At the same time, our defenses remain siloed. Each institution sees a slice of the scam journey. Platforms see behavior, telcos see origin signals, banks see transactions, law enforcement see victims; no one sees the whole picture. Most AI fraud models are trained on an organization’s own data, its customers, its transactions, its historical fraud cases. Alerts trigger when activity crosses thresholds that make sense for that organization’s risk appetite, regulatory exposure, and cost tolerance. Moreover, decisions are optimized for internal risk, not system-wide harm. Scammers exploit this perfectly.

They probe the ecosystem for weak seams. When pressure rises on one platform, they shift to another. When banks tighten controls, they reroute through payments, crypto, or telcos. Fraud does not move in a straight line; it moves to the weakest control point. When detection improves in one sector, scammers shift to another channel. When one platform tightens controls, activity migrates to the next weakest link. This is the balloon effect -- squeeze in one place and the fraud pops up somewhere else.

The result is a tactical arms race. Everyone deploys the best weapons they can afford, not the weapons the system actually needs. Large technology platforms invest heavily in AI detection and trust infrastructure. Top-tier e-commerce players are not far behind. Banks vary widely depending on leadership, regulation, and willingness to pay. Telcos operate on the thinnest margins of all, despite sitting at the front lines of scam delivery. This uneven defense landscape guarantees failure.

Even the best AI model cannot compensate for fragmented visibility. It cannot see what it is not allowed to see, and it cannot act where it has no authority. It cannot coordinate responses across institutions that do not share signals, timing, or incentives. More AI inside silos will not fix this. In fact, it may make things worse. Faster detection in one place simply may accelerate displacement elsewhere. This is not a technology failure. It is a coordination failure.

Looking to contribute to collaborative anti-scam initiatives? GASA Working Groups bring members together to develop practical, real-world solutions.

What reduces losses today is not smarter detection alone, but rather earlier intervention enabled by shared signals and clear shared responsibility. We need to know who acts when risk first appears and align incentives so that speed matters more than liability avoidance.

We see this where coordination exists. National Anti-Scam Centers are one example. When designed well, they provide a focal point for cross-sector intelligence, escalation, and action.

Not just reporting and dashboards, but actual operational coordination. Shared signal environments are another. When banks, platforms, telcos, and exchanges act on common indicators in near real time, scams attack chains break earlier. Infrastructure gets disrupted, victims get contacted by their bank before trust in the scam hardens, and losses stop.

These are not theoretical benefits; they are observable outcomes. The lesson is simple. Fraud is now a system-level risk, and it must be managed as such. That requires strategy, not just tactics. A strategy starts with accepting that no single actor can solve this alone, which is why the Global Anti-Scam Alliance (GASA) exists, bringing together government, law enforcement, industry and civil society to find solutions.

Our strategy should prioritize early disruption over late-stage recovery and invest in shared visibility, not just internal performance metrics. Until we make a shift, we will keep building better tools, and we will keep losing because scammers are not fighting tactically. They are exploiting our lack of strategy, and they are very good at it.

Sign up to the GASA newsletter for regular updates on scam prevention, research, and best practices.

About the Author

Brian D. Hanley is the Director - Asia-Pacific at the Global Anti-Scam Alliance (GASA), building coalitions across the region to combat scams. He has worked in 30+ countries as an international development expert, and brings more than 20 years of experience advancing democratic governance, human rights, civil society and media across Asia and the Pacific.

New Executive Order on Cybercrime and Fraud Marks a More Coordinated U.S. Response

Global Anti-Scam Alliance (GASA) — Fri, 20 Mar 2026 09:40:44 GMT

The U.S. Government has taken a significant step in addressing the growing threat of online fraud with the release of a new Executive Order titled Combating Cybercrime, Fraud, and Predatory Schemes Against American Citizens. The order formally recognises scams, referred to as “predatory schemes”, as a national priority and outlines a more coordinated, whole-of-government response.

Until now, federal anti-fraud efforts have been fragmented across agencies and focused primarily on financial crimes and cybersecurity. This Executive Order is the first to name scams, scam centres, and Transnational Criminal Organizations (TCOs) as a distinct national policy problem.

Senior officials across State, Treasury, Justice, Homeland Security, and Defense have been directed to submit an Action Plan outlining how the government will target transnational criminal organisations and improve coordination, including partnerships with the private sector.

The Attorney General has also been directed to prioritize the prosecution of cyber-enabled fraud, including scams and sextortion schemes. At the same time, the Department of Homeland Security, through CISA, will provide training and technical support to state and local partners.

The order also places emphasis on victim support and restitution. The Attorney General must provide recommendations for a Victims Restoration Program, enabling the return of seized or forfeited funds to victims.

Finally, the Executive Order introduces consequences for countries that tolerate or host scam operations targeting Americans, including potential diplomatic and economic measures.

While implementation details are still to be defined, the Executive Order establishes a clearer framework for coordination, enforcement, and victim support.

The GASA North America Chapter brings together several leading organizations across the region to address scams and fraud. Learn more about the chapter and membership.