First-Party Fraud Surpasses Scams to Become the Leading Form of Global Attacks

Rhea-AI Summary

LexisNexis Risk Solutions' annual Cybercrime Report reveals a significant shift in global fraud patterns during 2024. First-party fraud has emerged as the dominant form of fraud, accounting for 36% of all reported cases, up from 15% in 2023. The analysis of 104 billion global transactions shows that Account Takeover (ATO) fraud represents 27% of cases, while scams account for 11%. The report highlights concerning trends, including that 11% of password reset attempts were fraudulent, rising to 27% for desktop-initiated requests. Regional attack rates vary significantly, with EMEA showing the lowest at 0.6%, while North America experiences 2.2%. Despite a relatively stable global picture with only a 1% increase in human attack rates and a 15% decrease in bot attacks, LexisNexis warns of a potential upcoming wave of AI-enhanced cyber threats.

Positive

• Global bot attacks decreased by 15% in 2024
• EMEA maintains the lowest regional attack rate globally at 0.6%
• LATAM experienced a sustained decrease in attack rate to 1.6%

Negative

• First-party fraud more than doubled to 36% of all reported fraud in 2024
• 11% of password reset attempts were fraud attacks, rising to 27% for desktop attempts
• Financial Services firms saw an 18% increase in automated bot attacks
• APAC's attack rate grew significantly by 37% through 2024
• AI-powered fraud expected to increase in 2025

Insights

Cybersecurity Risk Analyst

First-party fraud now dominates global cyber attacks, signaling shifting threat landscape and potential growth opportunities for RELX's LexisNexis Risk Solutions.

The 2024 LexisNexis Cybercrime Report signals a significant shift in fraud patterns, with first-party fraud now representing 36% of all reported fraud globally, up from 15% the previous year. This dramatic 140% increase positions first-party fraud as the leading type of attack, surpassing account takeover fraud (27%) and scams (11%).

The data reveals concerning vulnerabilities in password reset processes, with 11% of all reset attempts flagged as fraudulent, rising to 27% for desktop-initiated requests. This represents a critical attack vector that organizations must address.

While global attack rates have stabilized with only a 1% increase in human attacks and a 15% decrease in bot attacks, this apparent calm likely masks an impending storm of AI-powered threats. The report explicitly warns that cybercriminals are adopting AI-enhanced capabilities that will be extensively tested and deployed in coming months.

Regional attack patterns show EMEA maintains the lowest rate at 0.6%, while APAC experienced a concerning 37% increase. Sector-specific trends reveal Communications, Mobile and Media companies saw a 15% attack rate increase, while Financial Services experienced an 18% uptick in automated bot attacks.

For RELX investors, this report demonstrates LexisNexis Risk Solutions' extensive cybersecurity intelligence capabilities (analyzing over 104 billion global transactions) and positions the company advantageously in the evolving fraud prevention market. As organizations face this shifting threat landscape, demand for sophisticated fraud detection solutions that can specifically target first-party fraud will likely increase, potentially driving growth in RELX's Risk division.

• Periods of inflation and rising living costs likely contribute to an increase in opportunistic fraud against financial services, ecommerce and other sectors
• AI-powered fraud expected to increase in 2025

ATLANTA, May 13, 2025 /PRNewswire/ -- LexisNexis® Risk Solutions releases its annual Cybercrime Report, an analysis of over 104 billion global transactions in the LexisNexis® Digital Identity Network® platform during 2024. The report, The Calm Before the Storm?, shows a significant swing in the composition of global fraud attacks, with first-party fraud now the leading type globally, representing a third (36%) of all reported fraud in 2024, up from 15% the year before.

First-party fraud includes misrepresenting or giving false personal or account information for financial gain, such as when applying for a loan, claiming a credit or debit card purchase is fraudulent in order to get a refund (known as friendly fraud), or claiming ordered goods were not delivered. Buy Now, Pay Later (BNPL) providers and financial institutions are among the organizations reporting an uplift in first-party fraud, which is known to be exacerbated by periods of inflation and the rising cost of living. Increased institutional liability for scams, driven by regulation, is also likely having an impact.

Key vulnerabilities

Account takeover (ATO) fraud – fueled by phishing and smishing activity – represents a further 27% of global reported fraud (down by ~2% year on year), while scams, including authorized push payment (APP) fraud, represent 11% of cases (down from 16% of cases in 2023). The report also found one in nine (11%) password reset attempts in 2024 was a fraud attack, rising to over one in four (27%) reset attempts initiated on a desktop computer.

"These findings represent a notable shift in global fraud patterns, with consumers now emerging as the single largest source of human-initiated fraud," said Stephen Topliss, vice president of fraud and identity, LexisNexis Risk Solutions. "The change in composition of attacks presents a significant challenge for fraud prevention since detecting first party fraud requires a subtly different approach from detecting scams or account takeovers. Organizations can't afford to be complacent, however – there were more than three billion brute-force automated account takeover attacks detected last year alone and scams remain a global problem. It is vital for organizations to have models tuned to detect these varied forms of fraud."

Sector-specific and regional trends

After two years of substantial increases in overall global[1] attacks, the latest Cybercrime Report finds that rates began stabilizing in 2024, with only a marginal (1%) increase in the human attack rate and a 15% decrease in global bot attacks – algorithms designed to break into customer accounts using stolen credentials. However, LexisNexis Risk Solutions believes this relatively calm global picture may obscure underlying signs of a coming storm powered by AI.

The attack rate on Communication, Mobile and Media (CMM) companies increased by 15% year on year and global Financial Services firms saw an 18% uplift in automated bot attacks.

Attack rates also vary at a regional level:

• EMEA continues to see the lowest regional attack rate globally at 0.6% of transactions, according to the LexisNexis® Identity Abuse Index, which records daily attack rates.
• LATAM has also seen a sustained decrease in its attack rate (1.6%) since the end of 2023, now putting it lower than North America at 2.2%.
• In contrast, APAC's attack rate grew significantly by 37% through 2024, now standing at 1.5% of all transactions in the region.

Topliss continued, "We are at a potential tipping point. While many organizations have improved their defenses over the past few years, we also know that cybercriminals are embracing new innovative, AI-enhanced capabilities and we will likely see these extensively tested and executed over the coming months. Our analysis of attacks over a longer multi-year period shows that significant attacks often come in waves and this latest set of figures could indicate the imminent arrival of the next, AI-enabled wave of global attacks."

Download a copy of The Calm Before the Storm? LexisNexis® Risk Solutions Cybercrime Report now.

Methodology: The LexisNexis Risk Solutions Cybercrime Report analyzes over 104 billion transactions through its LexisNexis Digital Identity Network between January and December 2024. It identifies fraud attempts during near real-time analysis of consumer interactions across the online journey, from new account creations, logins and payments to non-core transactions such as password resets and transfers.

About LexisNexis® Risk Solutions

LexisNexis® Risk Solutions harnesses the power of data, sophisticated analytics platforms and technology solutions to provide insights that help businesses across multiple industries and governmental entities reduce risk and improve decisions to benefit people around the globe. Headquartered in metro Atlanta, Georgia, we have offices throughout the world and are part of RELX (LSE: REL/NYSE: RELX), a global provider of information-based analytics and decision tools for professional and business customers. For more information, please visit LexisNexis Risk Solutions and RELX.

Media Contact:
Ade O'Connor
Senior Manager, International Media Relations
ade.o'connor@lexisnexisrisk.com
+44 7890 918 264

¹ The attack rate is the volume of high-risk transactions detected, expressed as a percentage of the overall volume of transactions in the network.

 

View original content to download multimedia:https://www.prnewswire.com/news-releases/first-party-fraud-surpasses-scams-to-become-the-leading-form-of-global-attacks-302452676.html

SOURCE LexisNexis Risk Solutions

FAQ

What is the leading type of fraud globally according to LexisNexis 2024 Cybercrime Report?

First-party fraud became the leading type of global fraud in 2024, representing 36% of all reported fraud, up from 15% in 2023.

How many transactions did LexisNexis analyze in their 2024 Cybercrime Report?

LexisNexis analyzed over 104 billion global transactions through their Digital Identity Network platform during 2024.

What percentage of password reset attempts were fraudulent in 2024?

11% of password reset attempts were fraudulent, with this number rising to 27% for reset attempts initiated on desktop computers.

Which region had the highest and lowest attack rates in 2024?

EMEA had the lowest attack rate at 0.6%, while North America had the highest at 2.2% of transactions.

What is the outlook for AI-powered fraud attacks according to LexisNexis?

LexisNexis warns of a potential upcoming wave of AI-enhanced cyber threats, with AI-powered fraud expected to increase in 2025.