First-party fraud surpasses scams to become leading form of global attacks
The composition of global fraud attacks has shifted.
First-party fraud has increased to become the leading type globally, representing 36% of all reported fraud in 2024, up from 15% the year before, according to LexisNexis Risk Solutions’ annual Cybercrime Report.
First-party fraud includes misrepresenting or giving false personal or account information for financial gain, such as claiming a credit or debit card purchase is fraudulent in order to get a refund (known as friendly fraud), claiming ordered goods were not delivered and such as when applying for a loan,
Buy now, pay later providers and financial institutions are among the organizations reporting an uplift in first-party fraud, which is known to be exacerbated by periods of inflation and the rising cost of living, the report noted. Increased institutional liability for scams, driven by regulation, is also likely having an impact.
Account takeover fraud — fueled by phishing and smishing activity — represents a further 27% of global reported fraud (down by 2% year on year), while scams, including authorized push payment fraud, represent 11% of cases (down from 16% of cases in 2023). The report also found one in nine (11%) password reset attempts in 2024 was a fraud attack, rising to over one in four (27%) reset attempts initiated on a desktop computer.
[READ MORE: Verizon: Retail cyberattacks on the rise]
“These findings represent a notable shift in global fraud patterns, with consumers now emerging as the single largest source of human-initiated fraud,” said Stephen Topliss, VP of fraud and identity, LexisNexis Risk Solutions. “The change in composition of attacks presents a significant challenge for fraud prevention since detecting first party fraud requires a subtly different approach from detecting scams or account takeovers. It is vital for organizations to have models tuned to detect these varied forms of fraud.”
AI
After two years of substantial increases in overall global attacks, the latest Cybercrime Report finds that rates began stabilizing in 2024. There was only a marginal (1%) increase in the human attack rate and a 15% decrease in global bot attacks — algorithms designed to break into customer accounts using stolen credentials. However, LexisNexis Risk Solutions believes this relatively calm global picture may obscure underlying signs of a coming storm powered by artificial intelligence.
“While many organizations have improved their defenses over the past few years, we also know that cybercriminals are embracing new innovative, AI-enhanced capabilities and we will likely see these extensively tested and executed over the coming months,” Topliss said. “Our analysis of attacks over a longer multi-year period shows that significant attacks often come in waves and this latest set of figures could indicate the imminent arrival of the next, AI-enabled wave of global attacks.”
