1. Identity Theft
Fraudsters steal personal information in order to impersonate their victims online, enabling fraudulent account openings and loan applications.
For example, in taking over a user’s account, attackers might steal personal information about the victim, such as their name, address, or Social Security number. This information can then be used for further fraudulent activity like opening accounts or applying for credit in the victim’s name.
In 2024, the FBI reported that cyber-enabled fraud, including identity theft, accounted for almost 83% of all reported financial losses, which totaled $13.7 billion.
2. Account Takeover (ATO)
Criminals gain unauthorized access to online accounts using stolen login information or other credentials, resulting in financial theft and data breaches.
Bots can automate credential stuffing attacks, rapidly testing thousands of stolen username-password pairs.
Once they’ve accessed a victim’s account, attackers can commit any number of crimes, from making fraudulent purchases using stored payment data, to posting fake reviews under the victim’s name, to distributing phishing emails like the ones described above.
3. Phishing and Social Engineering
A broad and opportunistic form of email-based cyberattack in which the attacker sends out a deceptive message to many users at once, hoping to trick some of them into sharing sensitive information.
For example, a phishing email that looks like it’s from HR tricks users into entering their credentials on a fake website, which leads to a data breach.
4. Payment Fraud
Unauthorized financial transactions like stolen credit card usage and false refund requests. In 2023, online payment fraud was projected to reach $48 billion in global losses. And in 2024, attempts to make purchases using stolen credit card numbers accounted for more than 51% of all checkout traffic in the retail and ecommerce sector.
5. Synthetic Identity Fraud
Fraudsters create new identities by combining real and fake information. These identities can then be used for crimes like the creation of fraudulent financial accounts.
For example, a cybercriminal combines a fake name and birthdate with a real stolen Social Security number to open a credit card account. This is one of the fastest-growing forms of financial crime in the US, and it significantly impacts banks and lenders.
Synthetic identities can also be used for other types of fraud, such as evading regulatory scrutiny or conducting influence campaigns.
6. Business Email Compromise (BEC)
A highly targeted form of email-based cyberattack. Attackers impersonate specific executives or vendors to manipulate employees into sending money or sensitive information.
BEC was a leading cause of financial loss in 2024, with the FBI’s Recovery Asset Team focusing on freezing fraudulent funds.
7. Loyalty and Reward Fraud
Fraudsters manipulate customer reward programs using fake accounts or points stolen from accounts that have been compromised through ATO. These schemes usually target retail, travel, or food delivery platforms. Major retailers report millions in annual losses.
8. Refund and Return Fraud
Criminals exploit return policies by accessing the purchase history of a compromised account, then exploiting refund policies by requesting refunds on products they never purchased, or by returning different or damaged items (or nothing at all).
E-commerce platforms face escalating losses, especially during peak shopping seasons.
9. Promotion Abuse
Attackers exploit online discounts and sign-up bonuses using multiple accounts or bots. For example, fraudsters might create multiple fake or synthetic accounts to collect rewards for referring “friends” which are actually just more fake accounts the attacker controls.
Food delivery apps in particular report widespread abuse of new-user promotions, which costs these companies millions annually.
10. Online Marketplace Fraud
Includes fake seller listings, buyer scams, and feedback manipulation. Major marketplaces regularly remove thousands of fraudulent listings to protect legitimate users.