Entrust: Why Cybercrime is More Prevalent in the Small Hours

Is there a right time to do the wrong thing?

As it turns out, the answer is yes.

The 2026 Entrust Identity Fraud Report reveals that cybercrime peaks between 2:00am and 4:00am UTC.

This is because the global cyber crime groups that operate 24/7 are taking advantage of the downtime of security defences in many regions. 

With organised crime groups wielding AI to power cyber crime, the scale and sophistication of fraud are reaching new highs. 

The main culprit proved to be deepfakes according to the report, which holds it responsible for one in five attempts of biometric fraud.

This is part of a wider fraud strategy, as injection attacks rise by 40% each year.

“As detection improves, fraud rings evolve, becoming faster, more organised and commercially driven,” says Simon Horswell, Senior Fraud Specialist Manager at Entrust. 

“Generative AI and shared tactics fuel volumes and sophistication, targeting people, credentials and systems. 

“Identity is now the front line and protecting it with trusted, verified identity across the customer lifecycle is essential to staying ahead of adaptive threats.”

What are digital injection attacks?

Digital injection attacks are used to spoof authentication systems and biometric verification. 

This is done by directly feeding manipulated images or videos using deepfakes into the datastream or using replay attacks. 

These have been proven capable to mimic not just documents but even live-capture experiences.  

The Entrust report shows that deepfake selfies increased by 58% in 2025.

Criminals also use photos of screens, photos of printouts, 2D and 3D masks, video of a video on screen and video of photo on screen to bypass security. 

Which industries are affected by cyber fraud the most?

The report shows that the cryptocurrency sector, which offers sign-up bonuses, faces the highest rate of onboarding fraud attempts at 67%. 

In the payment and banking sectors, the most prevalent is account takeover (ATO) fraud, which accounts for a whopping 82% of fraudulent activity.

Account takeover fraud involves malicious actors gaining access to user accounts through stolen credentials, phishing, malware or social engineering, which is then used to steal funds or harvest sensitive data.

The industry also faces a large number of fraud aimed at overriding their authentication systems. 

National IDs are the most abused documents by counterfeiters 

The report shows there is a higher concentration of document fraud, with physical forgeries still the most prevalent at 47%.

Digital counterfeits. on the other hand, show extreme sophistication due to wide adoption of AI tools by fraudsters. 

Among these documents that are counterfeited, National ID cards account for nearly half (46%) of fraudulent submissions. 

In this age of AI-powered cyber crimes, AI-powered cyber defence could be the solution. 

Tony Ball, President of Payments & Identity and Incoming CEO at Entrust says: “With over one billion identity verifications conducted across 195 countries and more than 30 industries, Entrust offers unparalleled insights into how fraud operates and how to help mitigate it.

"Our global reach and deep fraud intelligence mean we’re uniquely placed to drive continuous innovation and share meaningful insights for customers.

“The future of digital trust lies in layered, identity-centric strategies powered by AI, delivering fraud prevention and seamless user experiences.”