Social engineering + impersonation = Fraud ≡ cyber deception
Fraud is deception used to gain something valuable (money, goods, services or information) from someone else's dishonesty. We are seeing a lot of blended cyber attacks in the news currently where social engineering might then be combined with an impersonation followed by a ransomware attack, in order to take data and/or money.
Blended Cyber Attacks
Blended cyberattacks are sophisticated threats that combine multiple attack vectors and techniques, such as malware, social engineering, and exploiting software vulnerabilities, to achieve a single malicious goal. Instead of relying on one type of attack, they use a combination of methods to increase their chances of success and make detection and defense more challenging. For example, an attack might start with a phishing email to deliver malware, which then exploits a system vulnerability to gain further access and exfiltrate data.
Fraud Key Points
🎭Dishonesty - not an accidental mistake but someone deliberately setting out to trick someone.
🎭False Representation
🎭lying out something to be true when it's not.
🎭deliberately keeping quiet when someone has a legal duty to tell you something important.
🎭 when someone is in a position of trust and they dishonestly use that for a gain.
🎭Intention - to gain or cause loss -when the person intends to make a gain for themselves.
Important Points
❗It's a crime
❗It doesn't always mean financial loss
❗The victim doesn't have to be tricked
❗Various types of fraud
Cyber Crime Frauds
🤖Social engineering
🤖Phishing, spear phishing and whaling
🤖Invoice fraud
🤖Identity fraud
🤖Impersonation
🤖Account takeover
🤖Ransomware
These types of fraud are rapidly evolving with the use of AI, using new technology to deceive their targets.
This YouTube video from fraudible (a video podcast series that brings together fraud practitioners and academics to fight fraud) explains the different types of fraud and how fraudsters trick their victims:
Fraudscape reports that fraud has hit record levels in 2025:
🎭Identity fraud remains dominant, with criminals favouring impersonation tactics.
🎭Increases in account takeover and false applications.
🎭UK organisations have still be able to prevent £2.1bn in fraud losses.
The report indicates that organisations have reported a rise in identity fraud which has been amplified by the use of AI and generative technologies, enabling criminals to take advantage of people at speed and scale.
Fraud now accounts for around 40% of all crime in England and Wales, with employees increasingly being targeted by cyber criminals - HR have a pivotal role in protecting both people and organisations.
Review more about this: HR Magazine 👉 HR must help safeguard workforces against fraud
As Cifas says:
🛡️Fraud isn't just a financial risk anymore - it's a direct threat to workforce wellbeing and organisational resilience'🛡️
Fraudscape full report and statistics 👉 Fraudscape 2025: Reported fraud hits record levels
Blended Cyber Attacks
Blended cyberattacks are sophisticated threats that combine multiple attack vectors and techniques, such as malware, social engineering, and exploiting software vulnerabilities, to achieve a single malicious goal. Instead of relying on one type of attack, they use a combination of methods to increase their chances of success and make detection and defense more challenging. For example, an attack might start with a phishing email to deliver malware, which then exploits a system vulnerability to gain further access and exfiltrate data.
Fraud Key Points
🎭Dishonesty - not an accidental mistake but someone deliberately setting out to trick someone.
🎭False Representation
🎭lying out something to be true when it's not.
🎭deliberately keeping quiet when someone has a legal duty to tell you something important.
🎭 when someone is in a position of trust and they dishonestly use that for a gain.
🎭Intention - to gain or cause loss -when the person intends to make a gain for themselves.
Important Points
❗It's a crime
❗It doesn't always mean financial loss
❗The victim doesn't have to be tricked
❗Various types of fraud
Cyber Crime Frauds
🤖Social engineering
🤖Phishing, spear phishing and whaling
🤖Invoice fraud
🤖Identity fraud
🤖Impersonation
🤖Account takeover
🤖Ransomware
These types of fraud are rapidly evolving with the use of AI, using new technology to deceive their targets.
This YouTube video from fraudible (a video podcast series that brings together fraud practitioners and academics to fight fraud) explains the different types of fraud and how fraudsters trick their victims:
Fraudscape reports that fraud has hit record levels in 2025:
🎭Identity fraud remains dominant, with criminals favouring impersonation tactics.
🎭Increases in account takeover and false applications.
🎭UK organisations have still be able to prevent £2.1bn in fraud losses.
The report indicates that organisations have reported a rise in identity fraud which has been amplified by the use of AI and generative technologies, enabling criminals to take advantage of people at speed and scale.
Fraud now accounts for around 40% of all crime in England and Wales, with employees increasingly being targeted by cyber criminals - HR have a pivotal role in protecting both people and organisations.
Review more about this: HR Magazine 👉 HR must help safeguard workforces against fraud
As Cifas says:
🛡️Fraud isn't just a financial risk anymore - it's a direct threat to workforce wellbeing and organisational resilience'🛡️
Fraudscape full report and statistics 👉 Fraudscape 2025: Reported fraud hits record levels
|
||
