Fighting Cyber-Enabled Fraud 2025

Appendix: Glossary Access internet service provider (access ISP). A company or organization that provides customers with access to the internet through broadband, mobile or other network connections. ISPs may also offer additional services such as email, web hosting or security features. Because they control the “last mile” to end users, ISPs play a role in filtering harmful traffic and bundling protective services, but their visibility into content is increasingly limited by encryption. Backbone internet service providers (backbone ISPs). Large-scale telecommunications providers that operate the high-capacity backbone of the internet, interconnecting regional networks and routing global traffic. These Tier 1 providers serve as upstream infrastructure providers that typically view themselves as neutral conduits, responsible for performance and resilience rather than content or security. Criminals may exploit their neutrality and scale, but interventions usually occur downstream at access ISPs, resolvers or platforms. Content delivery networks (CDNs). A distributed system of servers that cache and deliver web content (e.g. images, scripts, pages) from locations closer to end users. CDNs improve performance, availability and resilience. Many commercial CDNs are bundled with reverse-proxy services, which handle traffic to and from the origin server. Criminals can exploit these platforms to give malicious sites scale and legitimacy. Cyber-enabled fraud. Fraud schemes in which criminals use digital technologies or online infrastructure to deceive victims and obtain money, goods, services or sensitive information. Unlike purely “cyber- dependent” crimes (such as ransomware or denial-of-service attacks), cyber-enabled fraud adapts traditional deception techniques to scale rapidly via the internet. It includes schemes that exploit email, messaging, websites, social media or payment platforms to impersonate trusted parties, misrepresent transactions or manipulate victims into authorizing transfers. Key mechanisms range from phishing and business email compromise to investment scams and online marketplace fraud. The defining characteristic is the use of digital channels as the primary enabler of deception and victimization, often blurring the boundaries between cybercrime and traditional fraud. Digital infrastructure services. Systems, platforms and related resources that provide the essential functions of the internet – enabling the creation, exchange, authentication and delivery of data and online services. The term encompasses both the underlying infrastructure (e.g. networks, servers and security mechanisms) and the activities of providers who operate and maintain these capabilities for others. As described in the EU’s NIS2 Directive, digital infrastructure services span nine categories, including domain name systems, trust services, data centres and content delivery networks. DNS abuse. For the purposes of this paper, the intentional misuse of the DNS as criminal infrastructure, including the registration, compromise or manipulation of domain names to enable malicious activity – distinct from abusive content merely delivered through it. Domain name system (DNS). The hierarchical, distributed system that translates human-readable domain names (e.g. example.com) into numerical IP addresses used by computers to identify and reach each other on the internet. The DNS functions as the internet’s “phone book”, directing user requests to the correct servers and enabling virtually all online activity. Because the DNS underpins routing and trust, criminals frequently misuse it by registering deceptive domains, hijacking records or manipulating lookups to support phishing, malware and other attacks. Email spoofing. Term used to describe cybercriminals’ practice of forging an email’s “from” address to make messages appear to come from a legitimate organization or trusted sender. Internet protocol (IP) address. A unique numerical identifier assigned to each device or server connected to the internet, used to route data between networks. IP addresses come in two formats – IPv4 (32-bit) and IPv6 (128-bit) – and function like digital street addresses, ensuring that information reaches the correct destination. Criminals may hide, spoof or rapidly change IP addresses (e.g. through fast-flux techniques) to evade detection and frustrate enforcement. Phishing. A form of cyberattack or social engineering scam in which malicious actors impersonate trusted entities through fraudulent digital communications – typically emails, text messages or websites – to deceive victims into revealing sensitive information or performing actions that compromise security, often resulting in identity theft, financial fraud or unauthorized system access. Fighting Cyber-Enabled Fraud: A Systemic Defence Approach 22