How can brands fight high-volume fraud?

In January, an HSBC customer was alerted that someone was trying to access her bank account. Calling the number in the message, the customer gave what she believed was an HSBC representative some personal details. Soon after, over $30,000 disappeared from her account.

Phishing attacks have exploded in recent years. In 2024, HSBC customers alone lost over $4 million to this single fraudulent campaign. No enterprise is immune to the threat of online fraud, and trusted businesses have become prime targets for brand impersonation. Criminals exploit consumer familiarity with banks and online utilities to elicit payment details.

Fraudsters can be just as creative as the brands they imitate. They use multiple channels to attack consumers, including SMS (smishing), voice (vishing), and email. Modern technologies have also made it easier to launch phishing attacks, increasing both the frequency and the effectiveness of these attempts. So, why are brands facing a higher volume of online fraud, and how can they tackle these emerging threats?

Why are phishing attacks growing in scale? The rise of high-volume fraud.

Online fraud is a crime of opportunity, with infringers attacking as many consumers as possible through widespread campaigns. The year 2023 was a record year for phishing attacks, with nearly 5 million observed by the Anti-Phishing Working Group. One contributing factor is the rise in digital interactions between brands and consumers, which creates new avenues for fraud. Banking, telecom, and technology brands are especially attractive targets because they rely heavily on digital communications to connect with customers.

Customer login credentials are commonly stolen through phishing, and can lead to multiple layers of victimization if those credentials are reused across different platforms.

US consumers alone lost over $10 billion to fraud in 2023, with email-based attacks the most common threat.

Fraudsters hijack brand assets, including logos, to trick even cautious consumers into believing phishing emails are legitimate. Virtually no one is immune. Tech-savvy customers can still struggle to spot sophisticated phishing attacks, especially when social engineering tactics create a sense of urgency.

Phishing affects both consumers and brands. Many brands pay significant sums to compensate customers, but the reputational damage can be even more costly. Once trust is compromised, restoring it becomes difficult, time-consuming, and sometimes impossible.

How are criminals switching up their strategies? Phone-based fraud has exploded.

Fraudsters are rapidly adapting their methods. Increasingly, they target smartphones, leveraging the rise of mobile commerce and mobile banking. SMS-based scams, known as smishing, have surged because smartphones lack the sophisticated security filters built into most email platforms. This makes it easier for fraudsters to reach potential victims, and recipients have limited ways to verify a text message’s legitimacy.

Voice-based fraud, known as vishing, has also seen dramatic growth. Crane Authentication observed a 260 percent increase in vishing incidents in Q4 of 2023 compared to the previous year. With AI, criminals can now mimic the voices of trusted colleagues or family members, which makes scams even more convincing.

In Q2 of 2024, phone numbers accounted for 25% of all fraud-related assets identified by OpSec.

How are criminals turning to new technologies? The influence of AI and automation.

AI provides powerful tools for brand protection, but it also arms scammers with new capabilities. Deepfakes can manipulate facial expressions and create convincing fake video content. For example, UK engineering firm Arup lost $26 million after an employee was deceived by an AI-generated video call impersonating a colleague.

AI can also analyze massive amounts of breached personal data, which enables criminals to craft highly targeted and personalized phishing messages.

Fraudsters use phish kits and automated deployment tools to launch attacks at scale, sometimes with just a few clicks. This increased automation means brands must detect and respond to threats faster than ever before.

According to the Harvard Business Review, 60% of consumers typically fall victim to AI-generated phishing attacks.

How are the rules changing around customer compensation? The impact of new regulations.

Regulators are increasing pressure on brands to protect consumers and reimburse victims. In October 2024, the UK Payment Systems Regulator introduced rules requiring banks and payment providers to refund fraud victims up to $110,000 unless the customer acted with gross negligence.

The United States is considering similar legislation, while India’s telecom regulator now requires service providers to block all spam calls.

Although these regulations target specific industries, consumers are beginning to expect the same level of protection across sectors.

So, how can brands tackle high-volume fraud?

The takeaway is clear. Brands must act fast to stop fraud. Effective prevention requires intelligence gathering and real-time enforcement to limit risk exposure. With phone-based fraud soaring, comprehensive coverage across all major digital channels has become essential.

A robust response also includes consumer and staff education to help users recognize sophisticated scams. As fraudsters continue evolving their tactics, many brands may need support from dedicated specialists who track emerging threat signatures and identify malicious assets at scale.

By adopting a comprehensive and proactive strategy, brands can shut down fraudulent activity before it harms customers, damages reputations, or disrupts business operations.

Crane Authentication. Your defense against brand impersonation and fraud.

Crane Authentication delivers powerful protection against online fraud and brand misuse. Our platform ingests data from all critical global channels for rapid detection and enforcement. Each day, we evaluate over 50 million URLs to uncover fraudulent assets, and our calling automation tool processes thousands of phone numbers.

Whether you are facing one phishing attempt or one thousand, our process is consistent, scalable, and reliable. This helps brands stay protected in an increasingly complex digital threat landscape.

Ready to take action? Discover how Crane Authentication can safeguard your brand and customers from high-volume fraud.