2025 was a pivotal year for fraud, marked by unexpected criminal innovations, evolving criminal tactics, and a growing need for collaborative defence. Below, we examine five key trends that shaped the fraud landscape and offer predictions for what 2026 may hold.

Trend 1: 
Investment Fraud Dominates Losses – FBI IC3 and Europol IOCTA Insights

The FBI IC3 2024 report revealed staggering losses in the US:

• Investment fraud: $6.6 billion
• Tech support fraud: $1.5 billion
• Romance scams: $390 million

This top 3 shows a shift to investment fraud, with average losses increasing. Europol’s IOCTA 2024 echoed these findings, noting that investment and romance fraud remain dominant across Europe, often intertwined with cryptocurrency schemes. The IOCTA 2025 preview suggests a pivot toward criminal data theft as a precursor to fraud.

Further Reading:

• FBI IC3 Annual Report
• Europol IOCTA 2024

Prediction for 2026: Investment fraud will continue to rise, larger losses will increase victim impact. They will be driven by social engineering and identity scams. AI-powered tools will aid criminal scalability, deepfake technology becomes scalable. Regulators will likely impose stricter KYC and crypto transaction monitoring requirements.

Trend 2: 
The Return of Carding, NFC Relays, and the Rise of Chinese-speaking Social Engineering Gangs

Carding – once thought to be in decline – has re-emerged with a modern twist. As Brian Krebs reported, cybercriminals are converting phished card data into Apple Pay and Google Wallet accounts, enabling tap-to-pay fraud at scale. This innovation leverages NFC relay attacks, allowing criminals to execute transactions remotely using tools like NFCGate and ZNFC. ThreatFabric’s research on Ghost Taphighlights how these techniques bypass traditional fraud detection by relaying NFC traffic between devices.

What’s more, Chinese-speaking gangs have become prominent players in this space, offering phishing kits and tutorials on underground forums. This shift signals a diversification of threat actors beyond historically dominant regions.

Many Financials are confronted with a lack of controls on their Point of Sale (POS) networks. For example, many do not check for geographical anomalies on POS transactions.

Further Reading:

• Krebs on Security: How Phished Data Turns into Apple & Google Wallets
• ThreatFabric: Ghost Tap – New Cash-Out Tactic with NFC Relay

Prediction for 2026: Expect NFC relay fraud to expand globally, with Mobile malware families further integrating relay capabilities. Financial institutions will need advanced device fingerprinting, hardened Card Provisioning Journeys, or extended POS transaction detection capabilities.

Trend 3: 
Criminal Data Collection and Monetisation in Fraud Context

Fraudsters now require more than passwords and OTPs. With financial institutions deploying biometrics, attackers seek faces, fingerprints, and behavioural patterns. Malware like Herodotus exemplifies this evolution, mimicking human behaviour, like inputdelays, to bypass detection and steal sensitive data.

Beyond credentials, criminals harvest selfies and videos for future identity fraud from Mobile Phones. This trend implies that Data Stealers are evolving into a Know Your Customer (KYC) related risk.

Further Reading:

• ThreatFabric Analysis of Herodotus Malware
• BleepingComputer: Herodotus Mimics Human Typing

Prediction for 2026: Expect a surge in synthetic identity fraud powered by stolen biometric data. Financial institutions will need multi-layered defences focused on the Mobile, combining behavioural analytics, device integrity checks, and liveness detection.

Trend 4: 
Criminal AI Developments at a Tipping Point

AI has moved from hype to operational reality in fraud schemes. Criminals now use generative AI for phishing, voice/video deepfakes, and large-scale automation of account creation. Reports from FBI warn of autonomous AI agents capable of executing fraud end-to-end, including card testing and onboarding scams.

Further Reading:

• FBI Public Service Announcement on AI-enabled Fraud

Prediction for 2026: AI-driven fraud will become fully autonomous, leveraging multi-profile browsers and emulators to bypass detection. Countermeasures will require AI-powered fraud engines and cross-industry intelligence sharing.

Trend 5: 
Fraud Intelligence sharing

The evolution of Fraud in 2025 shows that crime doesn’t care how financial organisations are structured. KYC, AML, Cyber Security and Fraud departments are all dealing with similar issues.

Unfortunately, these departments don’t always speak the same language. That’s why initiatives arise to create common Vocabularies and Taxonomies across Functions in the Financial industry.

This results in Financial Organisations breaking down silos between fraud, AML, and cybersecurity. The FRAML (Fraud – AML alignment) approach and Fusion centres enable real-time intelligence sharing. Initiatives like FraudKillChain.com provide a common taxonomy for mapping fraud TTPs and mitigation strategies. These frameworks are maturing, helping institutions identify gaps and coordinate responses.

Further Reading:

• Fraud Kill Chain Framework
• Actimize Blog on FRAML

Prediction for 2026: Increased collaboration across Fraud, AML and Cybersecurity drives global adoption of fraud taxonomies and integrated FRAML platforms, supported by regulatory mandates for cross-domain intelligence sharing.

Closing Thoughts

2025 underscored the adaptability of fraud actors, their drive to go after “bigger fish” and the urgency for collaborative, technology-driven defences.

As we move into 2026, fraud collaboration, proactive threat intelligence, AI-powered detection, and unified frameworks and layered defenses will be critical to staying ahead.

2026 will also see increasing regulatory shifts globally, such as the PSD3 (the payment service directive version 3) in Europe. These regulations mandate, among other things, scam liability for financials. These regulations will drive financials’ capability and explainability needs.