Fraud Typologies
Fraud Typologies
Phishing: Fraudsters use fake emails or websites to trick victims into revealing sensitive data like passwords or card numbers.
Smishing & Vishing: Phishing through SMS (smishing) or voice calls (vishing), often pretending to be banks or government agencies.
Mule Accounts: Individuals (knowingly or unknowingly) allow their bank accounts to be used to transfer illicit funds.
Identity Theft: Stolen personal info is used to open accounts, apply for credit, or commit other fraud.
Synthetic Identity Fraud: Fake identities are created using a combination of real and fabricated information.
Account Takeover: Criminals gain control of a victim's online account and use it for unauthorised transactions.
Card Not Present (CNP) Fraud: Occurs when stolen card details are used for online or phone purchases without the physical card.
Counterfeit Cards: Fake physical cards made using stolen data, used for in-store purchases or ATM withdrawals.
BIN Attack: A fraudster obtains the BIN (Bank Identification Number) of a particular bank and runs an algorithm to attempt transactions on many cards at once.
Lost/Stolen Cards: An opportunistic thief will steal a card or find a lost card and use the card to steal funds.
Not Received Intercepted (NRI): A new or replacement card is either intercepted before it arrives or is stolen from the customers letterbox.
Digital Wallet Fraud: A customer’s card is compromised and then the fraudster adds the card to a digital wallet by gaining access to the OTP sent to the customer. This can be by phishing, impersonation scams, IDTO (ie updating the number on file), remote access etc.
Transaction Laundering: A fraudulent merchant processes payments, often to disguise illegal activity.
Invoice Fraud: Fake invoices are sent to businesses in hopes of unauthorized payment being processed.
Procurement Fraud: Manipulation or collusion in the tendering process to defraud organisations.
Misappropriation of Funds: An employee or insider diverts company money or assets for personal gain.
Business Email Compromise (BEC): A scammer impersonates a company executive or vendor to trick staff into making unauthorised payments.
Investment Scam: Fake investment opportunities (often in crypto or forex) that promise guaranteed or very high returns.
Remote Access Scams: Victims are convinced to give a scammer remote access to their computer, often under the guise of tech support.
Romance Scam: Scammers build fake online relationships to emotionally manipulate victims into sending money or personal information.
Fake Job Ads: Scams disguised as job offers to steal personal info, collect fees, or recruit money mules.
Structuring (Smurfing): Breaking up large transactions into smaller ones to avoid AML reporting thresholds.
Sanctions Evasion: Conducting financial transactions that violate sanctions laws or attempt to hide sanctioned entities.
Terrorism Financing: Funding activities that support terrorism, often hidden through legitimate channels or charitable fronts.
Chargeback Fraud: Someone makes a legitimate payment, then falsely disputes the charge to get a refund.
Friendly Fraud: Someone close to the victim such as a friend, family member, housemate etc, commits fraud against them.