2024 Fraud Intelligence Report

Posted on April 24, 2024 • 4 min read • 718 words
Share via
Empowering Businesses to Outsmart Fraud - Q1 2024 Edition
Executive Summary   Key Statistics   What’s Inside   Big Picture   Top Risk Vectors   Attacks and Attackers Making News   How to Protect Your Business   12 Key Insights   4 Key Takeaways   Takeaway #1: Analyze Your Data   Takeaway #2: Manage User Accounts   Takeaway #3: Enforce Access Controls   Takeaway #4: Secure Web Applications   Download the Full Report   About This Report  

2024 Fraud Intelligence Report  

Empowering Businesses to Outsmart Fraud

Published April 2024 | 23 Pages | Free Download

Executive Summary  

Our inaugural Fraud Intelligence Report established the baseline for understanding the fraud threat landscape. Drawing from FBI IC3, INTERPOL, Europol, and leading cybersecurity vendors, this report documented the rapid escalation of financially-motivated cybercrime and provided foundational strategies for defense.

The insights in this report remain highly relevant—the threat vectors, attack patterns, and defense strategies documented here continue to apply in today’s environment.

Key Statistics  

MetricFindingSource
$12.5Bin losses reported to FBI IC3 in 2023FBI IC3 2023
22%increase in losses vs. prior yearFBI IC3 2023
880,418complaints received by IC3 (record high)FBI IC3 2023
94.6%of breaches driven by financial motivesVerizon DBIR 2023
50%+of social engineering incidents are BECVerizon DBIR 2023
85.9%of threats delivered over encrypted channelsZscaler 2023

What’s Inside  

Big Picture  

Headlines from leading law enforcement and government sources:

  • FBI IC3 2023 Annual Report — Record complaints, $12.5B in losses
  • INTERPOL Assessment — Global financial fraud epidemic
  • Europol Report — 821 criminal networks decoded (Agile, Borderless, Controlling, Destructive)
  • UK NCSC — AI will increase volume and impact of cyberattacks
  • Singapore CSA — 8 in 10 organizations experienced cybersecurity incidents

Top Risk Vectors  

1. Business Email Compromise (BEC) and Social Engineering

  • BEC attacks doubled, now 50%+ of social engineering incidents
  • Phishing with a personal touch using social media reconnaissance
  • Supply chain compromise targeting third-party vendors

2. Deepfakes and Synthetic Identity Fraud

  • AI-generated videos impersonating executives
  • Synthetic identities bypassing fraud detection systems
  • “Born-bad” fake accounts as footholds for fraud

3. Ransomware and Extortion

  • Double extortion schemes (encrypt + threaten to leak)
  • Ransomware-as-a-Service (RaaS) lowering barriers to entry
  • 24% of breaches involved ransomware

4. Cloud-Based Fraud

  • Exploiting cloud vulnerabilities and misconfigurations
  • Account takeover via stolen credentials, session cookies, OTP theft
  • Cloud platforms as targets for data theft and lateral movement

Attacks and Attackers Making News  

  • APT29 (Midnight Blizzard/Cozy Bear) — Russian intelligence targeting cloud infrastructure
  • Volt Typhoon — Chinese state-sponsored actors pre-positioning in U.S. critical infrastructure
  • Genesis Market Takedown — Criminal marketplace selling stolen credentials

How to Protect Your Business  

Comprehensive guidance covering:

  • People & Processes — Security awareness, least privilege, segregation of duties, incident response
  • Technology & Security Measures — MFA, email security, EDR, DLP, network segmentation, patching
  • Additional Strategies — Threat intelligence, penetration testing, cyber insurance

12 Key Insights  

  1. Cybercrime is big business and continues to rise—all organizations are at risk
  2. AI is a game changer and you must prepare now
  3. Email compromise leads to big fraud success
  4. “Born-bad” fake accounts are a foothold for fraudsters
  5. Account takeovers let fraudsters hide within legitimate user activity
  6. Payment fraud is one of the easiest frauds to conduct
  7. Card testing is a “free service” if your platform doesn’t block it
  8. Cryptocurrency is a focus of threat actors
  9. Clean up old service accounts; disable dormant user accounts
  10. Evaluate authentication tokens/cookies to verify account ownership
  11. OTPs and passcodes can be bypassed by skillful threat actors
  12. China and Russia state-sponsored actors are aggressively pursuing U.S. targets

4 Key Takeaways  

Takeaway #1: Analyze Your Data  

Financial motives drive fraudulent activity. Analyze incoming traffic and transactional data to find suspicious patterns. Look and you will find—the more you look, the more you will find.

Takeaway #2: Manage User Accounts  

Fraudsters create fake accounts, crack passwords, and buy stolen credentials. Analyze account usage, disable dormant users, identify abusive accounts, and remove unused service accounts.

Takeaway #3: Enforce Access Controls  

Help users maintain secure accounts through best practices—activity notifications, strong passwords, MFA, and authentication cookies bound to user fingerprints.

Takeaway #4: Secure Web Applications  

Web application attacks are the top risk vector. Identify and remediate vulnerabilities, practice secure coding, and build security into software designs.

Download the Full Report  

Get the complete 23-page report with detailed analysis, charts from industry sources, and comprehensive recommendations.

Download PDF →

No registration required. Research = FREE.

About This Report  

The Fraud Intelligence Report (FIR) was launched in April 2024 as the first publication from FIR Risk Advisory. Our mission: deliver cybersecurity intelligence and actionable insights that save businesses time on research and help prevent attacks before they occur.

Learn more about FIR Risk Advisory →

On this page: