With each day that passes, the face of cybercrime becomes more advanced and pervasive, offering new and complex threats to American citizens and businesses. The economic impact of cybercrime is absolutely shocking, with some estimates predicting the annual costs to exceed $10.5 trillion. This increase is fueled by technology-intensive methods including synthetic identity fraud, deepfakes, and account takeover scams. These schemes are not just growing in popularity, they’re getting harder and harder to catch.

With cybercrime increasing, we need a more preventative strategy to cybersecurity. It is critical that both individuals and organizations are aware and on guard to protect themselves. Ongoing, improved security, around-the-clock vigilance, and robust training will be key to addressing these ever-multiplying threats and defending proprietary data. Because technology is constantly evolving, the strategies we use to stop cyber fraud and create a safe digital world must evolve as well.

Escalating Financial Impact of Cybercrime

The economic impact of cybercrime is expected to soar to shocking new levels. By 2025, that annual cost of cybercrime is expected to increase to $10.5 trillion, according to cybersecurity experts Cybersecurity Ventures. This is a huge increase from the previous high of $3 trillion in 2015. This rapidly rising price tag highlights just how badly we need stronger cybersecurity protections and a better understanding of sophisticated new threats.

Synthetic identity fraud is the fastest growing type of financial crime in the U.S., and for good reason. Synthetic ID theft is the crime of creating new identities out of both real and fictitious information. Experts expect this kind of fraud to cause horrific losses of as much as $23 billion in the U.S. by 2030. The fiscal ramifications will be immense and widespread. That’s because the tools used to create these sophisticated identities are more sophisticated and accessible than ever, making them especially difficult to detect.

2025 will see synthetic identity fraud break out and become a substantial — and growing — challenge. The tools and technologies that fraudsters can leverage to create hyper-realistic synthetic identities are becoming cheaper and more readily available. At the same time, bad actors are becoming increasingly skilled. - Daniel Flowe, Head of Digital Identity at LSEG Risk Intelligence

Emerging Threats and Fraud Techniques

A number of new threats and fraud methods are adding to the growing cybercrime ecosystem. Deepfakes—AI-generated videos or audio recordings that convincingly imitate real people—are on the rise. A new report finds that 46% of businesses have experienced a rise in deepfakes and generative AI scams.

Identity verification protocols are targeted as well, including impersonation attempts that occur more often each day. And surprisingly, in 2024, at least 1 out of every 20 identity verification attempts featured some type of impersonation. This points to a greater demand for more secure, more accurate, and more comprehensive identity verification technologies.

E-commerce platforms are the most impacted, with the highest authorized fraud rate of any vertical in 2024, at 1.62%. Furthermore, account takeover scams increased by 250% in 2024, a danger that risks becoming the most damaging scam against online users.

Regional and Internal Vulnerabilities

Identity fraud rates fluctuated heavily by region. A high prevalence is observed in the Americas and APAC, while lower rates are found in EMEA. In particular, identity fraud percentage was 6.2% in the Americas, 6.8% in APAC, and 3.4% in EMEA. These regional disparities can be explained by differences in cybersecurity ecosystem, regulatory environment, and state of the end-user education.

Internal cybersecurity vulnerabilities are an even larger factor in cybercrime incidents. Employee account take overs fall flat on 30.89% of security incidents, showing the need for employee training and strong access control. Additionally, 32.52% of fraudulent schemes are based on impersonating employees, highlighting the importance of caution and confirmation when communicating within a company.

There is also a large focus on this area, with 40.8% of fraudulent documents going for national ID cards. It means we need better security features and verification processes for these important documents. In biometric-based fraud, deepfakes have all of a sudden increased to 40% of this sort of fraud.

Despite the sophistication of deepfake technology, subtle clues in language and context can sometimes betray their authenticity. As the battle against misinformation intensifies, the quest for effective safeguards and consumer education against deepfakes remains imperative. - Blair Cohen, President and Founder of AuthenticID

The Role of Phishing and Timing of Attacks

The overwhelming majority of the fraud starts with phishing. Phishing is still the favored initial attack vector used by cybercriminals, used in 76.86% of fraud cases. Phishing scams are frequently comprised of fraudulent, malicious emails or texts that attempt to lure unsuspecting victims into providing sensitive data. The popularization of phishing simply highlights the importance of user education and initiatives effective against anti-phishing.

It’s key to know when these identity fraud attacks go down. Identity fraud commonly peaks between 3 a.m. and 6 a.m. UTC. This pattern indicates that cybercriminals focus their efforts on systems that are more loosely defended. Planning agencies and organizations should advocate for and build heightened monitoring and anti-infrastructure harm security protocols during these grave high-risk hours.

Identity fraud with all of the current technology and the ability to use the dark web to create fake identities will continue to escalate and require subject matter experts and appropriate training and technology to thwart attacks. - Garry W.G. Clement, Chief Anti-Money Laundering Officer at Versa Bank

Preparing for the Future of Cybercrime

Given that cybercrime is always changing and advancing, organizations need to take the initiative to get ahead of future threats. Wariness of the incoming post-quantum era is definitely the key theme here. Indeed, as many as 61% of IT security professionals have already begun efforts to address the new potential risks that quantum computing presents. Quantum computers could one day break today’s encryption methods in use across the Internet, so producing and deploying quantum-resistant cryptographic solutions is critical to our safety.