Why Fraud Awareness Week Is Now a Cybersecurity Imperative
By Cam Sivesind
Thu | Nov 13, 2025 | 10:39 AM PST

From November 17 to 21, 2025, the Association of Certified Fraud Examiners (ACFE) sponsors International Fraud Awareness Week. While traditionally viewed as an accounting or compliance concern, modern fraud is fundamentally a cybersecurity problem.

The walls between technical intrusion (hacking) and financial crime (fraud) have collapsed. Today, the most damaging enterprise breaches rarely start with a zero-day exploit; they begin with phishing, impersonation, and social engineering—the core tenets of fraud.

For cybersecurity professionals, this week is no longer a peripheral event; it is a critical reminder that defense strategies must shift to combat the human element and the deceptive capabilities of the current threat landscape.

The purpose of Fraud Awareness Week, as championed on the FraudWeek.com site, is to raise the public profile of fraud and encourage organizations to take proactive measures to mitigate risk.

The urgency is amplified by technology. Adversaries are no longer relying on simple typo-ridden emails. The Microsoft Digital Defense Report 2025 highlights the frightening reality of "the rise of deepfakes and synthetic identities" fueled by AI (page 33).

Generative AI allows threat actors to rapidly create convincing phishing campaigns, craft highly targeted Business Email Compromise (BEC) scripts, and even synthesize realistic voice and video to bypass standard verification processes. Fraudulent identity creation and attack sophistication are now scalable, moving at machine speed.

"Agentic AI is transforming the fraud landscape at an unprecedented pace. With autonomous decision-making and adaptive learning capabilities, fraudsters now use AI to craft context-aware phishing schemes and deepfake videos and voices that blur the line between authenticity and manipulation. These intelligent scams are rapidly eroding consumer trust, with 39% of consumers citing AI-driven phishing as their top modern fraud concern," said Patrick Harding, Chief Product Architect at Ping Identity. "International Fraud Awareness Week underscores the urgent need for vigilance in this new era where defense and deception are evolving in parallel. Intelligent threats demand equally intelligent defenses. Organizations must invest in systems that detect and respond to attacks in real time while continuously learning and adapting to new tactics."

Harding continued, "Effective identity and access management now requires evaluation of the full context behind each agentic AI access request, including intent and behavior. By combining adaptive authentication with AI-driven fraud detection, organizations can anticipate emerging risks, strengthen digital trust, and protect identities in an increasingly autonomous and agentic world."

The biggest financial threats often rely on deceit rather than coding prowess. A successful BEC attack—where an attacker spoofs an executive's identity to authorize fraudulent wire transfers—can cost millions without ever requiring a single server compromise. In fact, many high-profile ransomware gangs now use social engineering and BEC techniques for initial access, making fraud the gateway to the network breach.

Vigilance during Fraud Awareness Week is not just about training employees to spot phishing links; it's about demanding accountability from the entire digital ecosystem.

For enterprises: governing the trust layer

CISOs must implement controls that assume the trust layer is compromised. This means prioritizing controls that fight identity fraud:

  • Payment verification: Mandate out-of-band verification (e.g., a voice or video call on a separate, verified line) for all large financial transactions, no matter the internal source.

  • Identity analytics: Deploy User and Entity Behavior Analytics (UEBA) to flag anomalous activity. The person who always uses Slack for approvals and suddenly switches to email for a $500,000 transfer should be immediately flagged.

  • Endpoint integrity: Ensure your Mobile Threat Defense (MTD) strategy protects against credential harvesting and session hijacking that facilitate identity takeover.
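
The first two controls above, as an added example that is not part of the original article: a per-approver channel baseline flags the Slack-to-email switch, and large transfers are held until out-of-band verification is recorded. The thresholds, field names, and sample events are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

LARGE_TRANSFER_USD = 100_000  # assumed policy threshold
MIN_HISTORY = 5               # approvals required before a baseline is trusted
RARE_CHANNEL_SHARE = 0.10     # channel seen in <10% of past approvals is unusual

def build_baseline(history):
    """Count, per approver, how often each channel carried an approval."""
    baseline = defaultdict(Counter)
    for event in history:
        baseline[event["approver"]][event["channel"]] += 1
    return baseline

def review(event, baseline):
    """Return the reasons a payment approval must be held (empty list = pass)."""
    reasons = []
    seen = baseline.get(event["approver"], Counter())
    total = sum(seen.values())
    large = event["amount_usd"] >= LARGE_TRANSFER_USD
    if total < MIN_HISTORY:
        # No trustworthy baseline: do not silently pass a large transfer.
        if large:
            reasons.append("no_baseline_for_approver")
    elif seen[event["channel"]] / total < RARE_CHANNEL_SHARE:
        reasons.append("unusual_channel")
    if large and not event.get("oob_verified", False):
        reasons.append("missing_out_of_band_verification")
    return reasons

# Constructed sample data, not real logs.
HISTORY = [{"approver": "cfo", "channel": "slack", "amount_usd": 20_000}] * 12
EVENTS = [
    {"approver": "cfo", "channel": "slack", "amount_usd": 18_000},
    {"approver": "cfo", "channel": "email", "amount_usd": 500_000},
    {"approver": "cfo", "channel": "slack", "amount_usd": 250_000, "oob_verified": True},
    {"approver": "new-controller", "channel": "email", "amount_usd": 150_000, "oob_verified": True},
]

def run():
    baseline = build_baseline(HISTORY)
    return [review(event, baseline) for event in EVENTS]

if __name__ == "__main__":
    for event, reasons in zip(EVENTS, run()):
        print(event["approver"], event["channel"], event["amount_usd"], reasons or "ok")
```

The out-of-band check is evaluated independently of the channel baseline, so a large transfer requested over the approver's usual channel is still held until verification is recorded.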

"As fraud becomes increasingly automated and borderless, the integrity of digital commerce depends on how well we understand and secure identity in motion. Fraudsters now operate with the same tools that power innovation—AI, automation, and global connectivity—and exploit every gap between security layers," said Gunnar Peterson, CISO at Forter. "Resilience begins by moving beyond transaction-level checks to a continuous view of identity, tracking how legitimate and fraudulent behavior evolve across the entire customer lifecycle."

Peterson added, "Static fraud controls can't keep pace with dynamic, AI-driven threats. What's needed is identity intelligence that adapts in real time and connects behavioral, device, and network signals to discern intent, not just activity. By uniting global intelligence with adaptive detection, organizations can outpace emerging attack methods while preserving trust for legitimate customers."

A final thought from Peterson: "International Fraud Awareness Week is a reminder that preventing fraud isn't just about blocking bad actors; it's about enabling secure, seamless interactions that foster digital trust. Protecting identity at scale strengthens the entire ecosystem of online commerce, helping businesses grow with confidence and customers engage without fear."

For vendors: securing the supply chain's weakest link

Vendors and suppliers are increasingly targeted as the path of least resistance into a major corporation. If a vendor's internal finance team is hit by a BEC scam, it often leads to disruption and liability for the enterprise customer.

Vendors must treat their internal anti-fraud controls (e.g., procurement process security) with the same rigor as their external-facing product security. This includes:

  • Vetting for financial security: Enterprises must specifically audit vendors' financial controls. It is no longer enough to check if they have a SOC 2 report; you must verify their controls against account takeover (ATO) and internal invoice fraud.

  • MFA on everything: Demand phishing-resistant MFA across all vendor accounts, especially those tied to billing, invoicing, or privileged administrative access to customer data.

The modern threat actor uses code to find an entry point, but they use deception and fraud to monetize the attack. As the ACFE reminds us this week, fighting fraud is fighting the most profitable vector of cybercrime today.

"Fraud is escalating in both sophistication and scale, with attackers leveraging AI, automation, and organized rings to exploit vulnerabilities. Over the past year, their tactics have diversified, targeting people, identity elements, and prevention systems," said Simon Horswell, Senior Fraud Specialist at Entrust. "Attackers are using psychological manipulation through phishing, social engineering, and impersonation scams to trick individuals into sharing their own genuine credentials or transferring funds."

"Meanwhile, attackers are also targeting identity documents and attempting to bypass biometric systems with deepfakes, which now account for one in every five biometric fraud attempts," Horswell said. "On a more technical level, attackers are also targeting prevention systems with injection attacks, which surged 40% over the past year, as well as device emulation and automated bot attacks, to bypass the very technology that's meant to stop them."

Horswell concluded, "This International Fraud Awareness Week is a reminder that identity is now at the frontline of fraud. As fraud evolves with AI, organizations must secure every layer—people, identity, and systems—with AI-driven defenses to adapt and stay ahead of fraud."
