Fraud isn’t what it used to be. In the past, scams often started at the bank — with unauthorised transactions, stolen cards, or compromised systems. Today, that’s changed dramatically. Fraud now begins with the customer, often through social media, online platforms, and digitally engineered interactions. It’s become more personal, more psychological, and much harder to detect.
In this blog, Tarini Ponniah, Wirex’s Head of Compliance & MLRO (APAC), shares her expert insights on this evolving landscape.
The Changing Face of Fraud
One of the most significant transformations in the fraud landscape is the move from unauthorised fraud to authorised fraud. In unauthorised fraud, the criminal acts without the customer’s knowledge; stealing credentials, hacking systems, or forging identities. But in authorised fraud, the customer is involved in the process, albeit unwillingly or unknowingly. They are tricked, manipulated, or socially engineered into approving transactions, sharing sensitive data, or bypassing security protocols.
This type of fraud is particularly insidious because it exploits trust and human behaviour. The customer believes they are acting in good faith, responding to a legitimate request, helping a colleague, or following instructions from someone they trust. But, in reality, they are being duped!
Phishing Gets Personal
Phishing has evolved from generic spam emails to highly targeted attacks. Cybercriminals now use data scraped from social media, breached databases, and public profiles to craft messages that are tailored to the individual. These messages often mimic the tone, style, and urgency of real communications, making them incredibly convincing.
Business email compromise scams are a prime example. Attackers impersonate executives or vendors, requesting urgent wire transfers or sensitive information. These scams have cost companies billions globally, and they continue to grow in sophistication.
Deepfakes: The New Frontier
Deepfakes; AI-generated audio, video, or images are redefining the boundaries of deception. Fraudsters can now mimic the voice of a CEO, create fake video calls, or generate realistic messages that appear to come from trusted sources.
These technologies exploit our natural instincts to trust what we see and hear. When combined with social engineering, they become powerful tools for fraud.
Why These Threats Work
Modern fraud succeeds because it targets human psychology. It creates urgency, exploits authority, and mimics familiarity. Remote work flexibility and digital-first communication have made it easier for attackers to impersonate colleagues or executives. Without face-to-face interactions, verifying identity becomes more challenging.
Moreover, the shift to authorised fraud means that traditional security measures like transaction monitoring or password protection are no longer enough. If the customer is the one initiating the transaction, even under false pretenses, it becomes harder to flag as suspicious.
How to Protect Yourself and Your Organisation
While the threats are evolving, so are the defenses. Here are key strategies to mitigate risk:
1. Verify Requests Through Multiple Channels
Never rely solely on email or voice for sensitive requests. Use a secondary channel such as a direct phone call, secure messaging app, or in-person confirmation to verify authenticity.
2. Implement Multi-Factor Authentication (MFA)
MFA adds a critical layer of security by requiring more than just a password. Even if credentials are compromised, MFA can prevent unauthorised access.
3. Invest in Awareness and Training
Regular training helps employees recognise phishing attempts, social engineering tactics, and deepfake risks. Simulated phishing exercises can reinforce vigilance.
4. Monitor Communication Patterns
AI-powered tools can detect anomalies in email behaviour, such as unusual sending times, tone shifts, or new recipients. These tools can flag potential fraud before it escalates.
5. Stay Informed and Adaptive
Cyber threats evolve quickly. Subscribe to threat intelligence feeds, attend industry webinars, and collaborate with peers to stay ahead of emerging risks.
6. Establish Clear Incident Response Protocols
When fraud is suspected, swift action is critical. Ensure your team knows how to escalate, investigate, and contain threats effectively.
Building Digital Resilience
As fraudsters become more sophisticated, so must our defenses. The future of fraud prevention lies in a combination of technology, education, and culture. Organisations must foster a security-first mindset, where vigilance is part of everyday operations.
Ultimately, protecting against modern fraud is not just about tools it’s about trust, awareness, and proactive action. By understanding the threats and implementing robust safeguards, we can navigate the new age of fraud with confidence.