Merchant Fraud Journal

From Phishing to Friendly Fraud: Anticipating 2024’s Fraud Dynamics

AI-enabled attacks changed the fraud landscape in 2023 by enabling more convincing impersonations and faster pivots to new attacks–and many businesses were caught unprepared. Planning now for next year’s emerging fraud trends can help your business stay a step ahead of criminals’ new tactics, to protect your revenue and your customer relationships. Let’s look at several growing fraud issues that are on the rise and have greater potential to impact your business and affect your customers in 2024.

AI-backed phishing attacks

Phishing–the deception of consumers and employees to steal sensitive data–has been a problem for decades, but now security watchdogs say AI capabilities are making these attacks harder to detect. The European Union’s cybersecurity agency recently warned that the combination of stolen personal and behavioral data plus machine learning and automation have made it easier for criminals to craft realistic-seeming phishing messages, and to deploy them at scale.

The change in phishing tactics poses two threats to businesses. The first threat is to customer relationships. When consumers fall for phishing attacks that impersonate a trusted brand, it erodes their confidence in that brand and may turn them away for good. To reduce your brand’s risk, communicate clearly and often about what information you will and won’t ask for via email, text, or on your website.

The second threat is to employees within the company who may fall for an advanced phishing scam impersonating a platform or vendor that the company uses. This kind of attack can lead to financial losses and to ransomware attacks that can cause serious business disruptions. The most effective way to avoid these types of attacks is to fight AI with AI-based email screening solutions that can separate legitimate requests from scams.

Brand impersonation

AI-enabled phishing scams are a subset of a much larger category of brand impersonation attacks that take a variety of forms to dupe consumers into sharing their payment information or their login credentials. Brand impersonation can take the form of fake social media accounts that post fake promotions and surveys, ads on social media and online that direct consumers to impostor websites, ads for counterfeit goods, fake email marketing campaigns, and even texts and phone calls posing as brands to capture sensitive data. The US Federal Trade Commission reported that consumer losses to business impostors rose from $195 million in 2020 to $660 million in 2022.

Social listening and regular checks for your brand name online can help your business detect impersonators, but for high profile brands this can quickly become an all-consuming task. Because it’s so easy to create a social profile, ad campaign, or website, impersonators can create new fakes as soon as their existing scams are detected, reported, and taken down. Businesses facing a high volume of brand impersonation attacks should communicate with their customers about which of their sites, social accounts, and communication channels are legitimate. They should also consider dedicating in-house or third-party resources to continuous brand monitoring.

Synthetic identity fraud

Like phishing and AI, synthetic identity fraud itself is not new. Organized fraud rings have long combined personal data from real victims with completely fabricated data to create new identities that they can use to open bank accounts and then apply for credit cards and loans. When the credit comes through, they spend it and then disappear–and the banks and businesses that extended them credit are left with no way to recover their losses, because the customer never really existed.

The new problem is that criminals are leveraging AI to create more convincing supporting documents, like IDs and leases, to get past identity checks required by banks and other lenders. Criminals are also using automation to synthesize batches of identities, so they have more opportunities to steal credit. As a result of these new strategies, synthetic identity fraud losses are forecast to approach $5 billion by the end of 2024. Like AI-enabled phishing, this is an area where businesses that extend credit to customers should consider an AI-based solution to detect synthetic identities.

Check fraud

Because people write so few checks anymore, it seems like check fraud should be in decline. Instead, it’s on the rise, with gangs breaking into mailboxes en masse and even robbing postal workers to steal mail for checks. USPS says mail theft and robbery are increasing, which puts more consumers and businesses at risk for check-washing scams that remove the payee names and payment amounts, to replace them with their own information.

While some consumer advocates recommend only mailing checks from a post office facility rather than leaving them in an outgoing mailbox, that doesn’t guarantee that checks won’t be stolen at the delivery point or en route. A safer business practice is to transition away from sending checks to vendors and service providers and use a digital payment service instead.

Friendly fraud

A recent survey of businesses found that close to 75% of retailers experienced an average 19% increase in friendly fraud in 2023. Friendly fraud is considered one of the most difficult forms of fraud to prevent because it occurs when a previously good customer or a new customer with no fraud history requests a chargeback based on a false claim that the item never arrived, wasn’t as described, or arrived damaged.

Sometimes, this fraud is intentional. However, the report also surveyed consumer behavior and found that 72% considered filing a chargeback “a valid alternative” to contacting the merchant for a refund or replacement, indicating that many consumers may be committing fraud without intending to do so. Two solutions for addressing friendly fraud are delivery tracking tools that confirm the arrival of packages and return and refund processes that are easy for customers to locate and use, so they’re not tempted to file a chargeback out of convenience.

As we head into the new year, it’s also a good time to review your business’ fraud metrics from the past 12 months, to see what types of fraud affected your business the most frequently and which types caused the highest losses. Start the new year with an understanding of your particular fraud challenges and the wider fraud trends you may soon face, so you can prepare now to better protect your business through better customer communication and the adoption of more AI-based tools designed to thwart AI-enabled fraud.


Rafael Lourenco is Executive Vice President and Partner at ClearSale, a global card-not-present fraud protection operation that helps retailers increase sales and eliminate chargebacks before they happen. The company’s proprietary technology and in-house staff of seasoned analysts provide an end-to-end outsourced fraud detection solution for online retailers to achieve industry-high approval rates while virtually eliminating false positives.

Follow on LinkedInFacebookInstagram Twitter @ClearSaleUS, or visit https://www.clear.sale

Exit mobile version