Online Fraud 2025: What Truly Shaped the Industry. Experts Look Back
The year 2025 was one of the most dynamic and challenging in the field of online fraud. New AI-powered attack methods, ever-lower technical barriers to entry, and internationally operating fraud networks have changed the fraud landscape more profoundly than in many years before.
Fraud at the Push of a Button: The New Reality of 2025
The industrialization of fraud is a key pattern that emerged in 2025 across numerous presentations, conferences, publications, and exchanges with European investigative bodies. Automated social engineering campaigns, deepfake voices and videos, and real-time fraud via chats and calls have increased significantly. In parallel, a subscription-based fraud infrastructure has emerged: Phishing panels, stealer bots, and complete fraud flows can now be purchased as ready-made packages – including onboarding, payment redirection, and mechanisms for circumventing KYC or security processes.
This development is increasingly described as Fraud-as-a-Service 2.0: scalable, organized with a division of labor, and globally available. Particularly alarming is how drastically the technical barriers to entry have fallen. Sophisticated fraud tools are no longer reserved for highly professional criminal groups but are accessible to virtually any criminal organization.
To contextualize this development from different perspectives, we asked our customers, partners, and experts in payment, banking, retail, and fraud prevention:
💬 What was the biggest change in online fraud for you in 2025 – and why?
💬 Which fraud patterns or attack methods surprised you the most in 2025 – and how did you react to them?
The answers paint a clear picture and provide valuable insights for anyone involved in fraud prevention, risk management, and digital security:
Frank Heisel, CEO of RISK IDENT
2025 was a turning point – AI professionalized fraud.
“2025 showed us just how much AI has professionalized fraud – from deepfakes to automated social engineering. For our clients, this means: prevention must become more visible, faster, and more integrated. This is precisely where we at RISK IDENT come in.
What gives me cause for optimism is the growing unity within the fraud community. Through our Fraud Circles, the online fraud forum, and our exchange with banks, merchants, and platforms, we see how crucial shared insights have become.
2026 will be decisive – those who combine data, identity signals, and community knowledge with solutions like ours not only protect transactions, but above all, customer trust.”
Erik Scheil, Lead Fraud Management at TeamBank
2025 has shown how credible AI-driven fraud has become.
“2025 has demonstrated how much criminal groups have professionalized through AI and LLMs. Targeting victims, forging documents, and creating fake websites have become significantly more credible, and the barriers to entry into the fraud scene are decreasing. Investment fraud remains a key trend and increases the expectation that fraud prevention will become a more visible part of the customer journey. On a positive note, banks, telcos, and service providers are collaborating more closely, and PSD3/PSR are creating the foundation for joint anti-fraud platforms.”
Julian Zander, Team Lead Fraud Detection at OTTO Payments
Payment Fraud 2025: Faster, More Massive, More Data-Driven.
“By 2025, we saw a massive increase in attacks using phished credit cards – not only in number, but also in speed and precision. Within minutes, dozens of cards were tested in compromised accounts, often with a conspicuously high number from Spain and Singapore. Thanks to AI-powered systems, we were able to fend off most attacks, but this development clearly shows that payment fraud remains one of the most dynamic areas in fraud prevention. Attackers are scaling their methods, so we need to develop our protection mechanisms just as quickly.”
Nina Cercy Dugué, D2C Fraud Manager at GroupSEB
Chargeback abuse, new risk models, and highly creative fraud tactics.
“In 2025, the abuse of commercial disputes and chargebacks increased massively – especially via providers like Klarna and Revolut. Many customer service teams were unprepared for this, which made detection difficult.
A major turning point was the change in Adyen’s model: no more fixed rules, but risk thresholds and dynamic 3DS exemptions. This system proved surprisingly effective and significantly increased authorization rates.
We are also observing new, creative fraud tactics – such as systematically delaying package pickup in order to later claim ‘not picked up’ after carrier investigations are no longer possible. This demonstrates how inventive professional fraud groups have become.”
Janes Holland, Managing Director of Animus Blue GmbH:
By 2025, phishing will have become multi-stage, professional, and barely recognizable as fraud.
By 2025, phishing will have shifted from simple “link → phishing page” to professional, multi-stage attack chains that utilize legitimate services and thereby build trust. Since attacks increasingly originate from previously compromised real accounts, traditional warning signs are disappearing. At the same time, the imbalance between the high degree of automation employed by attackers and the often manual verification processes on the part of defenders is growing.
Infostealers remain the central threat. They gain access to accounts and entire digital identities, which are then fully exploited. Attackers eavesdrop on accounts, collect information, and use it for convincing spear phishing. When the benefits diminish, the access is resold underground, often to ransomware groups.
Infostealers increasingly gain access to systems via web browser attacks, often without triggering traditional antivirus solutions. Perpetrators compromise legitimate websites to create the illusion of a trustworthy environment for visitors.
The convergence of large groups like Scattered Spider and ShinyHunters is striking, demonstrating the increasing professionalization of these attacks. At the same time, even these groups have fallen victim to information theft, highlighting the growing sophistication of the attacks.
We responded with targeted training measures based on current attack patterns and real threat data. This enabled employees to recognize new deception techniques early on. Simultaneously, we analyzed the perpetrators’ infrastructure to quickly identify and block the servers, domains, and other technical traces they used. By “burning” the infrastructure, attackers lose their operational base and have to build new systems. This generates time and costs, increases the risk of errors, and creates additional avenues of investigation for law enforcement.
Dr. Sven Kurras, Director of Analytics at RISK IDENT:
Agentic Commerce will present its biggest challenge in 2025/2026 – distinguishing good bots from bad ones.
“2025 was the year that agentic commerce moved from the future into reality. While previously we primarily had to differentiate between ‘bot’ and ‘human,’ the industry now faces a completely new challenge: separating good bots from bad ones. AI-powered shopping and service agents offer enormous potential – but they also open up new avenues for fraud that are still largely unexplored.
What particularly concerns me is that we are seeing, for the first time, practical support from AI language models in fraud prevention. From joint transaction analysis and generative BI to autonomous risk agents for behavior-based pattern recognition: AI is becoming part of operational fraud prevention.
2026 will determine who integrates AI effectively and who is overwhelmed by the next wave of attacks.”
