Common Fraud Types Every Analyst Should Know
The most frequent fraud types you will encounter as a fraud analyst: identity theft, payment fraud, account takeover, and business fraud
By Benjamin, Fraud Attacks
Fraud comes in distinct categories, each with its own attack pattern. Payment fraud steals the transaction, identity fraud steals the person, social engineering manipulates the victim, and policy abuse exploits the rules themselves. This article walks through each category so you can recognize the type when it lands in your queue.
1. The Story
James was three days into his first week at the bank's fraud operations center. Forty-seven cases in his queue.
He opened the first one. Customer claimed someone opened a credit card in her name. She'd never heard of the account.
Second case: wire transfer to an overseas supplier. Business owner said he never authorized it.
Third: retiree wired $40,000 to someone she met online. Said he was an Army surgeon stuck overseas.
Fourth: twelve new accounts opened yesterday, all from the same device fingerprint, all applying for credit cards.
Fifth: a merchant processed $200,000 last week after months of doing $3,000. Chargebacks starting to roll in.
He leaned back. Stolen identity. Compromised email. Romance scam. Bot attack. Bust-out scheme. Five cases, five completely different problems. They were all fraud, but that was like saying a mugging and an insider trading scheme were both crime.
The faster he learned which type he was looking at, the faster he'd know what questions to ask. Identity fraud meant pulling credit bureau data. BEC meant reading email headers. Romance scam meant reconstructing the timeline of the relationship.
Forty-seven cases. Forty-seven chances to learn.
This story is fictional, but the patterns are real.
2. Why This Matters
In Fraud 101, you learned what fraud is: intentional deception for gain. You learned the difference between third-party and first-party fraud, and you saw how fraudsters range from opportunists to organized rings.
Now you need to understand what fraud looks like in practice. Not one type, but the full set of categories you'll meet on the job.
Why does this matter?
Triage. When you're staring at a queue of cases, you need to recognize what you're looking at. A romance scam investigation requires different questions than a card-testing ring. Knowing the fraud type tells you where to look.
Patterns. Fraud types cluster. If you're seeing synthetic identity fraud at account opening, you might soon see bust-out fraud on those accounts. Understanding relationships between fraud types helps you anticipate what's coming.
3. The Major Fraud Categories
Fraud types can be organized many ways. Here's one that works: group them by what the attacker is after and how they get it.
What is payment fraud?
These attacks target the payment itself. Someone steals payment credentials and uses them.
Payment card fraud is the classic. Criminals obtain card numbers through data breaches, skimming devices (hardware that copies cards at ATMs or gas pumps), phishing, or dark web purchases. Then they use them.
Two flavors:
- Card-not-present (CNP): Online or phone transactions where the physical card isn't needed. Most e-commerce fraud is CNP.
- Card-present: Using counterfeit cards (cloned from stolen data) or stolen physical cards at retail locations.
You already learned about card testing in Fraud 101. That's often the first step: validate which stolen cards work, then use them for bigger purchases or sell them.
Check and ACH fraud is older but still common, especially in business contexts. Check washing alters legitimate checks (changing the payee or amount). Counterfeit checks use stolen account information. Check kiting exploits the float time between banks. ACH fraud involves unauthorized electronic debits from accounts.
Wire fraud targets high-value transfers. A single fraudulent wire can move millions. Criminals often use business email compromise (covered below) to redirect legitimate wires to accounts they control.
What is identity fraud?
These attacks exploit identity itself. The attacker either steals an existing identity or creates a fake one.
Account takeover (ATO) means gaining control of someone else's existing account. Attackers use credential stuffing (testing leaked username/password combinations from data breaches), phishing (tricking users into entering credentials on fake sites), SIM swapping (convincing phone carriers to transfer a victim's number), or infostealer malware (software that captures credentials from infected devices).
Once inside, they change account details, make purchases, steal stored value, or use the account as a launching point for further attacks.
The Account Takeover module covers this in depth.
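As an added example (not part of the original article), the sketch below shows what credential stuffing looks like in login data and how to separate it from a customer mistyping a password or a shared office IP. The log format, sample lines, and thresholds are constructed assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): "<ISO time> <source_ip> <username> <OK|FAIL>"
SAMPLE_LOG = [
    "2024-05-01T09:00:01 203.0.113.7 alice FAIL",
    "2024-05-01T09:00:03 203.0.113.7 bob FAIL",
    "2024-05-01T09:00:05 203.0.113.7 carol FAIL",
    "2024-05-01T09:00:08 203.0.113.7 dave OK",
    "2024-05-01T09:00:10 203.0.113.7 erin FAIL",
    "2024-05-01T09:00:12 203.0.113.7 frank FAIL",
    # One customer mistyping a password: single username, not stuffing.
    "2024-05-01T09:01:00 198.51.100.20 grace FAIL",
    "2024-05-01T09:01:20 198.51.100.20 grace OK",
    # Shared office IP: many usernames, but they all succeed.
    "2024-05-01T09:02:00 192.0.2.50 heidi OK",
    "2024-05-01T09:02:30 192.0.2.50 ivan OK",
    "2024-05-01T09:03:00 192.0.2.50 judy OK",
    "2024-05-01T09:03:30 192.0.2.50 mallory OK",
    "2024-05-01T09:04:00 192.0.2.50 niaj OK",
]

def find_stuffing_sources(lines, window=timedelta(minutes=5),
                          min_users=5, max_success_rate=0.25):
    """Flag IPs that try many distinct usernames in a short window and mostly fail.
    Thresholds are illustrative assumptions, not values from the article."""
    by_ip = defaultdict(list)
    for line in lines:
        ts, ip, user, result = line.split()
        by_ip[ip].append((datetime.fromisoformat(ts), user, result == "OK"))

    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window's left edge forward
            burst = events[start:end + 1]
            users = {user for _, user, _ in burst}
            rate = sum(ok for _, _, ok in burst) / len(burst)
            if len(users) < min_users or rate > max_success_rate:
                continue
            if ip not in flagged or len(users) > flagged[ip]["users_tried"]:
                flagged[ip] = {
                    "users_tried": len(users),
                    "success_rate": round(rate, 2),
                    # Logins that succeeded inside the burst are takeover candidates.
                    "review_accounts": sorted(u for _, u, ok in burst if ok),
                }
    return flagged

if __name__ == "__main__":
    for ip, hit in find_stuffing_sources(SAMPLE_LOG).items():
        print(ip, hit)
```

The `review_accounts` list is the part that matters for an ATO investigation: those are the accounts where a leaked password worked and where changed details or drained balances may follow.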
Synthetic identity fraud is different. Instead of stealing a real person's identity, criminals create a fake one. They combine real data (often Social Security numbers from children, the elderly, or deceased individuals) with fabricated names and addresses. Since the Social Security Administration moved to randomized SSN issuance in 2011, the link between an SSN and a real person's birth state or birth year disappeared. Modern synthetic rings increasingly use random valid 9-digit numbers, betting that some will turn out to be unassigned or attached to someone who never checks their credit.
These fake identities are "credit farmed" over months or years. Open a secured credit card. Make small payments on time. Build credit history. Eventually, the synthetic identity has enough credit to take out loans or open credit lines. Then the fraudster maxes everything out and disappears. This is called a bust-out.
Synthetic fraud is hard to detect because there's no real victim to report it. The SSN might belong to a child, a recently deceased person, or an elderly individual who rarely monitors their accounts. But the name, address, and other details are fabricated. Since credit bureaus don't verify that SSNs match real identities, the combination creates a new "person" in the system. The real SSN holder has no idea. The fabricated person doesn't exist to complain.
New account fraud uses stolen or synthetic identities to open accounts. The account itself is the target: access credit products, launder money, exploit sign-up bonuses, or establish infrastructure for future attacks.
Social Engineering
These attacks target human psychology rather than systems. The attacker manipulates the victim into taking action.
Business email compromise (BEC) targets organizations. Attackers compromise or spoof executive email accounts, then request urgent wire transfers, invoice payments, or sensitive data. The attacker often researches the company first, learning names, relationships, and processes to make the request believable.
Variations include vendor impersonation (fake invoices from spoofed supplier accounts) and payroll diversion (redirecting employee direct deposits).
The Email Security module covers BEC investigation in detail.
Romance scams build fake relationships over weeks or months. The scammer might pose as an attractive professional, a military officer stationed overseas, a successful entrepreneur, or any persona designed to appeal to the target. Stolen photos are common. Once emotional connection is established, the requests start. Money for an emergency. Help with a business opportunity. Funds to finally meet in person.
Victims often send money multiple times before realizing the relationship was fabricated.
Pig butchering combines romance and investment fraud. The scammer builds a relationship, then introduces a "great investment opportunity." This might be a fake cryptocurrency exchange, a fraudulent forex trading platform, or another investment scheme. Victims are encouraged to invest more and more. The platform shows impressive fake returns. When the victim tries to withdraw, the money is gone.
The name comes from the Chinese term for the scam: fatten the pig before slaughter. Investment-related scams drove over $5 billion of all 2024 fraud losses reported to the FTC, with a median individual loss of $9,196, the highest among the top 10 fraud categories reported.[1]
Impersonation scams have the attacker pose as someone with authority. Government agencies demanding immediate tax payment. Tech support calling about a virus on your computer. A grandchild in trouble needing bail money. The hook varies, but the pattern is consistent: create urgency, establish authority, extract money or access. In 2024, U.S. consumers filed 845,806 imposter scam reports with the FTC; about 22% reported a financial loss, totaling $2.95 billion.[1]
Advance fee fraud promises a large payout after a small upfront payment. Lottery winnings, inheritance from a distant relative, business opportunity. The victim pays "fees" and "taxes" that escalate until they stop paying or run out of money.
What is authorized push payment (APP) fraud?
This category deserves its own section because it's growing fast and works differently.
In authorized push payment (APP) fraud, the victim sends money voluntarily. They initiate the transfer themselves. They're deceived about who they're sending to or why, but technically, they authorized the transaction.
This makes recovery difficult. The victim can't claim "I didn't authorize this" because they did. They clicked send.
APP fraud includes:
- Invoice redirection (attacker intercepts legitimate invoices and changes payment details)
- Purchase scams (fake sellers who take payment and never ship)
- Impersonation (someone posing as your bank telling you to move money to a "safe account")
The line between APP fraud and traditional scams is blurry. What matters is understanding that the victim's own authorization is what moves the money.
Policy Abuse
These attacks exploit business policies rather than stealing identities or payments. Often committed by actual customers.
Refund and return abuse games return policies. Wardrobing means buying clothes, wearing them with tags tucked in, then returning them. Empty box returns claim refunds for items never actually sent back. Item-not-received (INR) claims say a delivered package never arrived.
Some of this is first-party fraud (the customer is lying). Some is organized (rings that systematically exploit return systems). The line between "policy abuse" and "fraud" can be legally fuzzy, but the losses are real.
Promo and loyalty abuse exploits marketing programs. Creating multiple accounts to claim sign-up bonuses repeatedly. Fake referral schemes. Exploiting coupon stacking or earning rules. Stealing accumulated points through account takeover.
Platform and Marketplace Fraud
Two-sided marketplaces create unique fraud opportunities because attackers can play either side.
Seller-side fraud: Fake listings for products that don't exist. Counterfeit goods sold as authentic. Taking payment and never shipping.
Buyer-side fraud: False claims that items weren't received. Returning different or damaged items. Chargeback abuse after receiving goods.
Triangulation fraud: A three-party scheme that deserves its own category. A fraudster sets up a storefront (often on a marketplace) selling popular items at attractive prices. When you order, they take your payment, then purchase the item from a legitimate retailer using a stolen credit card, shipping directly to you. You receive a real product. The fraudster keeps your money. The stolen card's owner eventually disputes the charge. The legitimate retailer eats the loss. Everyone except the fraudster is a victim. (For a deep dive into how this works in practice, see Nina Kollars' DEFCON talk Confessions of a Nespresso Money Mule.)
Collusion: Both buyer and seller are in on it. Fake transactions to launder money through the platform. Fake reviews for payment. Commission fraud in gig economy platforms.
Institutional Fraud
These target government programs and large institutions.
Insurance fraud ranges from individual exaggeration (soft fraud: claiming your slightly damaged car was totaled) to organized rings staging accidents (hard fraud). Healthcare fraud involves providers billing for services not rendered or upcoding procedures.
Tax and benefits fraud exploits government programs. Fraudulent unemployment claims filed with stolen identities spiked during pandemic relief programs. Tax refund fraud uses stolen SSNs to file fake returns and collect refunds. Benefits fraud targets food assistance, housing programs, and other social services.
API Abuse and Business Logic Attacks
These attacks exploit how software systems work rather than stealing credentials or tricking humans.
Business logic attacks find flaws in how applications handle transactions. A pricing bug that lets you buy a $500 item for $5. A coupon system that allows unlimited stacking. A referral program that pays out before verifying the referral was real. These aren't security vulnerabilities in the traditional sense. The code works exactly as written. It's just written wrong.
API abuse targets the interfaces applications use to communicate. Attackers might manipulate API requests to bypass validation, access data they shouldn't see, or automate attacks at scale. Rate limiting bypass, parameter tampering, and authentication flaws all fall here.
The API Abuse module covers these attacks in depth.
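As an added example (not from the original article), here is a checkout that "works exactly as written" beside a hardened version, covering the pricing and coupon-stacking cases above. The catalog, coupon codes, limits, and request shape are hypothetical.

```python
from decimal import Decimal

# Hypothetical catalog, coupon table and limits, constructed for this example.
CATALOG = {"laptop": Decimal("500.00")}
COUPONS = {"WELCOME10": Decimal("0.10"), "SPRING20": Decimal("0.20")}

class OrderRejected(Exception):
    """Raised so the rejection can be logged and routed to fraud review."""

def checkout_flawed(order):
    # Flaw 1: the price comes from the request body, so the client sets it.
    total = Decimal(order["unit_price"]) * order["qty"]
    # Flaw 2: every coupon in the list is applied, repeats included.
    for code in order["coupons"]:
        total -= total * COUPONS.get(code, Decimal("0"))
    return total.quantize(Decimal("0.01"))

def checkout_hardened(order, max_coupons=1, max_qty=10):
    sku, qty, codes = order["sku"], order["qty"], order["coupons"]
    if sku not in CATALOG:
        raise OrderRejected("unknown sku")
    if type(qty) is not int or not 1 <= qty <= max_qty:
        raise OrderRejected("quantity out of range")
    if len(set(codes)) != len(codes):
        raise OrderRejected("duplicate coupon")
    if len(codes) > max_coupons:
        raise OrderRejected("too many coupons")
    if any(code not in COUPONS for code in codes):
        raise OrderRejected("unknown coupon")
    # Price is looked up server-side; any client-supplied unit_price is ignored.
    total = CATALOG[sku] * qty
    for code in codes:
        total -= total * COUPONS[code]
    return total.quantize(Decimal("0.01"))

# Constructed requests matching the two cases in the text.
TAMPERED = {"sku": "laptop", "unit_price": "5.00", "qty": 1, "coupons": []}
STACKED = {"sku": "laptop", "unit_price": "500.00", "qty": 1,
           "coupons": ["SPRING20"] * 10}
HONEST = {"sku": "laptop", "unit_price": "500.00", "qty": 1,
          "coupons": ["SPRING20"]}

if __name__ == "__main__":
    print("flawed, tampered price:", checkout_flawed(TAMPERED))
    print("flawed, stacked coupons:", checkout_flawed(STACKED))
    print("hardened, tampered price:", checkout_hardened(TAMPERED))
    print("hardened, honest order:", checkout_hardened(HONEST))
```

For an analyst, the rejected orders are as useful as the fix: a burst of `OrderRejected` events from one account or device is a signal that someone is probing the checkout logic.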
What is cryptocurrency fraud?
Crypto creates unique fraud opportunities because transactions are irreversible and often pseudonymous.
Crypto scams include fake investment platforms, rug pulls (developers abandoning projects after collecting funds), pump-and-dump schemes, and fraudulent ICOs or token launches. Pig butchering scams (covered above) often use fake crypto exchanges as their endgame.
Crypto theft involves stealing cryptocurrency through wallet compromises, phishing for seed phrases, SIM swaps to bypass exchange 2FA, or exploiting smart contract vulnerabilities.
Crypto laundering uses mixing services, chain-hopping (moving between different blockchains), and decentralized exchanges to obscure the trail of stolen funds.
Cryptocurrency was the second-largest payment method by aggregate fraud losses in 2024 at $1.42 billion, behind only bank transfers and payments at $2.09 billion.[1]
Agentic and AI-Driven Fraud
The newest category. As AI systems become more capable, they're being weaponized for fraud.
AI-generated content includes deepfake videos and audio for impersonation, AI-written phishing emails that can be personally tailored to each target, and synthetic identities with AI-generated faces that pass photo verification.
Automated fraud at scale uses AI to run thousands of simultaneous social engineering conversations, adapt to victim responses in real-time, and coordinate attacks across multiple channels (email, phone, text) with perfect consistency.
Agentic fraud systems are autonomous AI agents that can plan and execute entire fraud campaigns with minimal human oversight. They might research targets, craft personalized approaches, adapt to defenses, and cash out proceeds. This is the emerging frontier.
The Agentic Fraud module explores these threats.
4. How do these fraud types connect?
Fraud types don't exist in isolation. They feed each other.
A data breach produces stolen credentials. Those credentials enable account takeover. Taken-over accounts are used for payment fraud. Payment fraud generates dirty money. Dirty money flows through money mules. Mules are recruited through job scams.
Synthetic identities open bank accounts. Those accounts receive funds from BEC attacks. The funds are wired overseas before anyone notices.
Understanding these connections helps you investigate. When you see one fraud type, ask: what came before this? What might come next?
5. Key Takeaways
- Fraud isn't one crime, it's a portfolio of them. Payment fraud, identity fraud, social engineering, policy abuse, and platform fraud each require different investigation approaches.
- Know your fraud type to know your questions. A romance scam victim needs different help than a card-testing target.
- Fraud types feed each other. Data breaches enable ATO. ATO enables payment fraud. Payment fraud funds criminal organizations.
- This is your map. Each major fraud type gets deeper coverage in specialized modules.
Next up: SQL Crash Course gives you the technical skills to query transaction data and find fraud patterns.
6. Key Terms
| Term | Definition |
|---|---|
| Card-not-present (CNP) | Transactions where the physical card isn't present (online, phone orders) |
| Skimming | Using hidden devices to copy card data from ATMs or payment terminals |
| Credential stuffing | Automated testing of leaked username/password pairs across websites |
| SIM swapping | Convincing a phone carrier to transfer a victim's number to attacker's SIM |
| Infostealer malware | Software that captures credentials and data from infected devices |
| Synthetic identity | Fake identity combining real data (often stolen SSNs) with fabricated information |
| Check washing | Altering legitimate checks to change payee or amount |
| Authorized push payment (APP) | Fraud where the victim voluntarily sends money after being deceived |
| Wardrobing | Buying items, using them briefly, and returning them |
| Pig butchering | Long-term scam combining romance fraud with fake investment schemes |
| Triangulation fraud | Seller fulfills orders using stolen payment cards, keeping the buyer's payment |
| Business logic attack | Exploiting flaws in how applications process transactions (not security bugs, but design flaws) |
| Rug pull | Crypto scam where developers abandon a project after collecting investor funds |
| Deepfake | AI-generated synthetic video or audio used for impersonation |
7. References
1. FTC Consumer Sentinel Network Data Book 2024 (March 2025) (p. 4: 845,806 imposter scam reports totaling $2.95B; over $5B in investment-related scam losses with a $9,196 median individual loss; cryptocurrency $1.42B and bank transfers $2.09B as the top fraud payment methods in 2024)