Common types of financial fraud explained

Your guide to understanding the different types of fraud and their impact on your financial institution

Although we tend to view fraud as one general activity, it’s a bit more complicated than that. Whether the endgame is stealing private information, money or both, bad actors aren’t bound by a one-size-fits-all approach. They’re continually innovating ways to get what they want. Aided by technology, today’s fraudsters are more active—and more resourceful—than ever. And as fraud continues to become increasingly sophisticated, companies will need to develop better strategies to identify and stop the various types of fraud.

It’s especially important for businesses and financial institutions to understand how different kinds of fraud manifest themselves in common interactions. Having deep knowledge about fraud types and their potential impact will help institutions strengthen their security monitoring processes during onboarding and beyond. The ideal goal is to outsmart the fraudsters before they ever have a chance to strike.

In this guide, we’ll review the three main types of fraud and various examples of each.

Only have a few minutes?

Learn all you need to know in our fraud types cheat sheet.

Check it out here

First-party fraud: when an individual tries to defraud a financial institution

In this type of fraud, an individual misrepresents their identity and/or their financial situation for personal gain. Here are a few common examples:

Friendly chargeback fraud

An individual makes purchases with a credit card and then disputes the charges through the issuing bank. Sometimes, the individual may knowingly dispute a charge they purchased to keep the product or receive the service and still get their money back. Other times, the individual may not recognize a charge on their statement, but actually, someone else in their household made the purchase without them knowing. Even though it’s impossible to determine how much will be specifically related to fraud, this type of scam is projected to make up roughly 60 percent of chargeback claims filed in 2023.

Synthetic fraud

In the case of first-party synthetic fraud, the fraudster combines made-up credentials, such as a fake SSN, with their real name and date of birth (DOB) to manipulate their identity. The goal is to misrepresent their own personal finances and credit history.

For example, a person with a poor credit score might use their own name and address along with someone else’s SSN to open a credit card account. A study conducted by The Carnegie Mellon CyLab Security and Privacy Institute reported that the SSNs of children are 51 times more likely to be used in synthetic fraud. This spells trouble not only for the financial institutions that lose money to the fraudsters, but also for the individuals who will have to clean up the lingering mess of identity theft for years to come.

Second-party fraud: when another person is pulled into the mix

Also known as identity manipulation, second-party fraud involves one person exerting psychological control over another in order to commit fraud. Here are three common ways this can happen:

Money muling

Working with a money laundering ring, a fraudster coerces a person into using their own PII (personal identifiable information) to apply for credit on behalf of the fraud operation. From there, the person becomes the fraud ring’s mule, transferring funds that have been acquired illegally. While some mules are willing accomplices, many others have no idea they’re participating in a criminal enterprise. Unfortunately, the start of the Covid-19 pandemic saw an uptick in mule activity, which increased by 41% in 2020 compared to pre-pandemic rates.

Vulnerable adult abuse

This type of fraud involves the targeting of adults older than 18 who are highly susceptible to abuse, intimidation, manipulation or exploitation because of some cognitive impairment, a mental illness, a physical illness or prolonged isolation. Often, the ideal target is an elderly individual who lives alone. Here’s one common scenario: A widow receives a phone call from a man who tells her she’s won a sweepstakes lottery. To receive her winnings, she’s told she must first pay taxes by wiring money from her bank account to the fraudster.

Romance scam

In a romance scam, also known as catfishing, the fraudster assumes a fake online identity and ingratiates themself with an unsuspecting target. Pretending to care for their victim, the fraudster wins their trust by expressing love or even proposing marriage. They then manipulate the victim into giving them money, usually by concocting some hard-luck story. The FBI warns that romance scam artists like to troll online dating sites in search of their next mark.

Third-party fraud: when a fraudster steals the most personal of all possessions

Third-party fraud refers to financial crimes that are committed while using someone else’s identity. The victim’s identity is appropriated, in part or in whole, through a number of methods, including:

Social engineering

A fraudster impersonates a legitimate party and reaches out to a target through an everyday social interaction. Examples include:

  • A “phishing” email sent by a fraudster pretending to be a legitimate charity asking for a donation

  • A “smishing” text message sent by a fraudster pretending to be the person’s bank and requesting they reset their passcode

  • A “vishing” phone call initiated by a fraudster pretending to be from the IRS

By earning the target’s trust, the fraudster is able to convince them to do their bidding, whether that means divulging PII, sharing an OTP (one-time password or pin), or wiring money.

One of the largest-ever social engineering scams was organized by a Lithuanian national, Evaldas Rimsauskas, whose team of fraudsters formed a fake company and sent phishing emails to employees at Google and Facebook. Rimsauskas and his associates scammed the tech titans out of more than $100 million before finally being caught.

Synthetic fraud

Similar to first-party synthetic fraud, this type involves a person using a made-up identity. In this context, however, their entire identity—name, DOB and SSN— is fabricated, and the fraudster is often involved in high-stakes organized crime. Check out our synthetic fraud deep dive here.

Account takeover

One of the most common types of third-party fraud is an account takeover. In this type of fraud, a bad actor is able to wrest control of a target’s online accounts, often by stealing their credentials. The cybercriminal might then withdraw money from the target’s bank account, open a new account in the target’s name, shop online using the target’s credit card, or even impersonate the target to redirect unemployment benefits. In a survey conducted in 2020, 38 percent of the respondents said they had been the victim of an account takeover within the past two years.

Identity theft

The most well-known type of third-party fraud, identity theft, occurs when a fraudster steals another person’s identity for personal gain. This includes opening new accounts in the target’s name without their knowledge. The identity thief will often steal someone’s financial information, especially their credit card account data, and then use it to purchase expensive goods, such as a TV or a computer. While identity thieves have been known to pick through someone’s trash in search of receipts, paid bills and business mail, most fraud related to identity theft is committed digitally.

According to the National Council on Identity Theft Protection, third-party fraud cases are up 70 percent from 2020.

Other types of fraud: a fluid state of affairs

As we have seen, there are many different kinds of fraud. Given technological innovation, the fluid nature of fraud and the dark side of human ingenuity, it’s inevitable we’ll see more types and examples in the years ahead. Here are some other types of fraud we have our eyes on:

Ambient fraud

Ambient fraud is the low-level fraud you see on a consistent basis. It is made up of both one-off bad actors and organized fraud rings testing for vulnerabilities in your fraud controls. Oftentimes, when the source of the ambient fraud identifies gaps in your controls, they will take advantage of those gaps, and turn the ambient fraud into a larger-scale fraud attack before you’re able to respond (or even realize that it’s happening). A robust Identity Decisioning Platform should mitigate most ambient fraud losses and make it harder for fraudsters to find vulnerabilities in your controls and exploit them.

Fraud attacks

Fraud attacks occur when the bad actors behind ambient fraud identify and exploit a vulnerability. There are two types of fraud attacks: fraud ring attacks and high-velocity attacks. A fraud ring attack is a coordinated operation conducted by a small but sophisticated group of fraudsters. A high-velocity attack is less organized, and occurs when an independent bad actor finds a weak point in your fraud defenses and publishes this information somewhere (usually on the dark web) for others to take advantage of it, resulting in a spike in volume at the top-of-the-funnel.

Peer-to-peer (P2P) payments fraud

P2P payments platforms like Cash App, Zelle, and Venmo make it easier than ever before to transfer money to small businesses or your friends and family, but they’ve also introduced new avenues for bad actors to defraud individuals and financial institutions. One popular tactic for P2P payment fraud is when fraudsters posing as legitimate businesses request payment for a product or service through a P2P payment platform. Once they receive the money, they disappear without providing the goods or services. P2P payments accounts are also just as vulnerable to account takeovers as regular bank accounts. As P2P payments fraud becomes more common, it is a growing area of focus for regulators and financial institutions alike.

Referral fraud

This type of fraud takes advantage of special referral incentives that brands use to win more customers. Posing as a legitimate customer, the scammer uses a financial institution’s referral program to receive or share rewards under false pretenses. There are four kinds of referral fraud: self-referral, exploitation, account cycling and broadcasting. You can read about each here.

Internal fraud

Also known as insider fraud, this type of fraud is committed by a financial institution’s own employees. These employees are likely to be under considerable pressure and susceptible to fraudulent activities. Three factors, commonly referred to as the Fraud Triangle, can explain the psychology behind internal fraud: an employee is highly motivated by the promise of personal gain, sees a convenient opportunity and is able to rationalize their deceitful behavior. Although internal fraud is perpetrated by a relatively low percentage of employees, its impact can be severe.

Triangulation fraud

This type of fraud involves an innocent shopper, a retailer and a fraudster. And here’s how it works: The fraudster sets up operations on a site that allows third-party sellers, such as Amazon or eBay. An interested shopper places an order and presents their credit card information. The fraudster instead uses a stolen credit card to buy the item from a legitimate retailer and have it shipped to the shopper. When the item arrives, they don’t think to question the purchase. They also have no clue their personal information is now part of an ongoing scam. Meanwhile, the owner of the first stolen credit card files a chargeback claim with the retailer after they spot fraudulent charges on their statement. The cycle then continues.

Reasons for cautious optimism

Fortunately, as cybercrime has increased, so has law enforcement’s ability to seek justice. In June 2022, Operation First Light, led by Interpol and involving officials from 76 countries, nabbed thousands of fraudsters and money launderers.

And thanks to PSAs, community outreach and even true crime shows, consumers themselves seem to be getting savvier about scams and fraud. Here’s an extreme example of someone who didn’t simply avoid being scammed—she helped catch the fraudster.

How FIs can fight back against fraud

Today’s financial institutions need better strategies for fraud-proofing their operations. It’s not enough to know your customer; you also have to know your fraudster and anticipate their methods. The first step is to learn how to identify which type of fraud you might be facing. The second is understanding how to prevent it. You want to outwit the con artists and criminals before they act.

Fraud types cheat sheet

Stop fraud before it stops you.

More on fraud

GUIDE
10 min read
How to stop a fraud attack

Fraud is unfortunately common in financial services. And while no two fraud attacks look the same, there are some standard processes that banks and fintechs should follow to effectively stop a fraud attack.

Read more

BLOG
5 min read
How you can stop fraud at the flip of a switch

You don’t want to get caught in a fraud attack and then have to scramble to figure out how to respond, build new workflows and integrate with new data providers. We share some tips on how you can stay one step ahead of fraudsters.

Read more

EBOOK
10 min read
Fintech fraud & compliance benchmark report

New research shows 92% of fintech companies are devoting more resources to battle fraud. See how your fraud and compliance strategy stacks up.

Download

BLOG
5 min read
Synthetic identities: why fraudsters need imaginary friends

Synthetic identity fraud is a growing problem. Fraudsters go to extreme lengths to craft identities—complete with social security numbers, names, addresses, and even loyalty program memberships—which they then use to carry out complex (and often costly) fraud schemes. In this post, we dive into the how, the why, and the what you can do about it.

Read more

See what you’re missing

First, we’ll learn about your needs, answer your questions, and then see how Alloy can help.
Back