Fighting Cyber-Enabled Fraud 2025

State of the threat1 Phishing and cyber-enabled fraud are growing at an alarming rate, fuelled by cybercriminals’ use of AI. From artificial intelligence (AI)-driven impersonation to transnational scam networks, cyber-enabled fraud has emerged as one of the most urgent and costly global threats, accounting for more than $1 trillion in losses in 2024.4 These losses are more than staggering figures: they reflect a troubling evolution in cyber-enabled fraud spanning multiple dimensions of speed, scale and sophistication. At the same time, threat actors adapt quickly, iterating their tradecraft in direct response to defensive measures, and often operate across national borders – taking advantage of differences in legal systems, enforcement capacity, cyber-maturity levels and regulatory frameworks.5 Cyber-enabled fraud ranks as the second-highest organizational cyber risk after ransomware for 2025 according to respondents surveyed by the Global Cybersecurity Outlook report.6 Phishing continues to serve as the backbone of cyber-enabled fraud, enabling crimes ranging from credential theft and ransomware to large-scale financial scams. Phishing messages now span email, short message service (SMS), messaging apps and social media – often directing victims to convincing fake websites built to steal credentials, capture financial data or deploy malware (see Figure 2). According to the European Union (EU) Agency for Cybersecurity’s report Threat Landscape 2025, phishing is the dominant intrusion vector, accounting for approximately 60% of cases.7 Its growth shows no sign of slowing: credential- harvesting attacks surged sevenfold in the second half of 2024, while overall phishing threats doubled during the same period.8 Advances in generative AI are making phishing both easier to conduct and more effective. Recent research highlights the scale of this shift: a 2024 study found that large language model (LLM)-generated phishing emails achieved click-through rates of 54%, matching human expert performance and outperforming an average phishing email by 350%.9 The Anti-Phishing Working Group (APWG) reported the number of phishing attacks has continued to rise steadily, with an increase of 13% between the first and second quarter of this year.10 Depiction of a phishing incident FIGURE 2 Source: Adapted from Cloudflare and TrendMicro Fighting Cyber-Enabled Fraud: A Systemic Defence Approach 7Cyber criminals contact victims thr ough emails/ SMS/phone calls Victims click the malicious link or open an attachment The cyber criminals collect victim cr edentials or instal malwar eThe stolen cr edentials are used to steal data/ disrupt operationsEmail, QR code, SMS Attacker Victim Phishing w ebsiteCreates Creates Delivers toClicks on the link and accesses the phishing website