How FaaS is Driving Large-Scale Fraud and Cyber Attacks

In an increasingly complex and challenging cybersecurity environment Fraud-as-a-Service (FaaS), where criminals commercialise their expertise and tools to enable others to perpetuate fraud more easily, is emerging as a driver of large-scale cyber crime. 

According to insights from identity verification and risk management firm AU10TIX, these platforms are industrialising cyber crime through the use of advanced technologies like AI.

By providing resources such as deepfake generators, phishing kits and botnet infrastructures, FaaS platforms make it significantly easier for criminals to create false identities and orchestrate mass-fraud campaigns and account takeovers.

Automated mega-attacks increase

During 2024 there was a surge in coordinated fraud attempts, reaching an average of 8,000 unique incidents recorded per operation. The tools provided by FaaS fraudsters have allowed criminals to act not just faster, but on a larger scale. 

AU10TIX’s latest research points to a significant deployment of these attack methods: one monitored campaign alone saw 4,580 different identity permutations used to target multiple regions and industries simultaneously.

Geographically, South-east Asia is at the epicentre of these automated and large-scale assaults, accounting for 88% of such incidents. 

Vietnam (59%), Malaysia (13%), the Philippines (9%) and Indonesia (5%) were the primary sources of recorded attacks, with other countries like the United States (8%) and Colombia (4%) also making the list. 

FaaS services now offer an increasingly fast and effective timescale for criminals to target businesses and individuals – AU10TIX says a combination of tools like AI, bots and deepfake generators enable attacks to go live and find a way around ID verification systems within hours.

Evolving attack methods

The tools and tactics used by today’s cybercriminals continue to evolve at pace. AU10TIX reports a pronounced shift from exploiting static document numbers to the widespread utilisation of image templates and AI-generated synthetic selfies. 

The latter half of 2024 saw a significant uptick in the use of AI-generated content, a clear indication of fraudsters' preference for these advanced methods to bypass traditional verification systems.

FaaS platforms are now sophisticated enough to produce high-quality fake identities and documents that can pass through various checks meant to ascertain the authenticity of users. This technological enhancement has broadened the scope of fraud, with bots capable of striking numerous victims across diverse locales simultaneously.

Sector analysis and impact

Despite the sophistication of these attacks, some sectors are maintaining an effective threat and security posture. The payments industry, for instance, witnessed a decrease in fraud attempts as vigilant enforcements started clamping down on illicit activities. 

Attack volumes in this sector saw a drop from 54% to 43% by the end of the year. Conversely, the rise of social media as a venue for financial transactions has opened new doors for attackers, with fraud incidents here accelerating to 30% by the end of 2024.

AU10TIX says social media platforms are increasingly vulnerable to these kinds of attacks as they continue to develop ecommerce features and capabilities while also having relatively limited identity verification requirements when compared to more traditional payment providers.

The company also notes how regulation is reshaping the landscape. The crypto sector, where greater regulatory governance is in place including the Markets in Crypto Assets (MiCA), saw a downturn in attack prevalence. 

This regulatory pressure has seemingly steadied the otherwise volatile arena of cryptocurrency-related fraud, further showcasing the power of effective governmental legislation and oversight in the digital age.

For example, quarterly data shows cryptocurrency-related attacks started at 31% in Q1, dropped to 24% in Q2, rose to 29% in Q3, before settling at 24% in Q4, demonstrating the stabilising effect of regulation on an industry.

Embrace smarter strategies

As the ecosystem of data theft, identity fabrication, and automated deployment matures, projected fraud losses in the US are forecast to reach as much as US$40bn by 2027. 

This sizable figure underscores the growing need for robust cybersecurity strategies and advanced technological countermeasures against such sophisticated fraud schemes.

AU10TIX highlights the requirement for consortium validation and enhanced selfie detection capabilities as key measures to mitigate sophisticated fraud. Its own Serial Fraud Monitor shows the effectiveness of pattern recognition in identifying coordinated cyber attacks, particularly on social media. 

"2024 has been a game-changer in fraud prevention. FaaS has taken cyber crime to a new level, enabling coordinated mega attacks that now average over 8,000 incidents each,” says Dan Yerushalmi, CEO of AU10TIX.

“By embracing smarter fraud prevention strategies and layered defences, businesses can get ahead of these threats and build stronger trust with their users.”

Explore the latest edition of Cyber Magazine and be part of the conversation at our global conference series, Tech & AI LIVE and Cyber LIVE.

Discover all our upcoming events and secure your tickets today.

Cyber Magazine is a BizClik brand