Nate Kharrl

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

Fraud

•

3 minute read

Dec 23, 2025

Fraud in Focus: Top 3 Themes of 2025

Throughout 2025, we tracked everything from phishing kits and deepfake scams to insider abuse and autonomous hacking tools. Individually, each story mattered. Together, they pointed to something bigger: Fraud is changing how it operates, scales, and hides.

Before we turn the page to 2026, I want to share the three shifts that I think best explain where things are headed.

Let’s get into it.

NATE'S TAKE - DECEMBER 23, 2025

Top Themes This Year

Agentic AI will change the pace of both commerce and fraud
Running fraud at scale is easier than it’s ever been
Identity verification signals are no longer trustworthy

1. Agentic AI will change the pace of both commerce and fraud

This year was also a turning point for AI in fraud, especially as we moved toward agentic systems.

We’ve covered deepfake impersonation, AI-powered phishing, autonomous hacking agents, and scams that adapt in real time. But the bigger shift is what happens as agentic AI becomes embedded into commerce itself.

When systems start acting on behalf of people, not just assisting them, everything speeds up. Agents will browse, transact, negotiate, and move money with very little friction.

That’s an enormous efficiency gain. It’s also an enormous opportunity for abuse.

Fraud doesn’t need to scale headcount anymore. It can scale agents.

That means fraud will move faster than human review cycles, manual investigations, and controls designed around user-driven interactions. The same is true on the defense side.

Teams that rely solely on human-paced decisions will struggle to keep up. Teams that build automated, adaptive, behavior-aware defenses will have a chance to match the pace.

By 2026, I don’t think the question will be whether AI is involved. It will be whose agents are acting faster, and with better context.

2. Running fraud at scale is easier than it’s ever been

Over the course of this year, one pattern became impossible to ignore: fraud has moved well beyond isolated attacks.

Story after story pointed to the same reality. Fraud today looks less like opportunistic behavior and more like an organized industry. We saw phishing kits sold as subscriptions, scam operations run like call centers, illicit marketplaces offering laundering and deepfake services, and networks that adapt faster than enforcement or platforms can realistically respond.

That shift matters, because it changes how fraud has to be approached.

When fraud operates at this level, taking down individual attacks doesn’t really slow anything down. It just forces activity to reroute. Teams that focus only on point controls end up reacting to symptoms instead of understanding the system behind them.

Looking toward 2026, I think the advantage shifts to teams that can see how activity connects across identities, sessions, and behavior over time. The goal isn’t just stopping fraud in the moment. It’s understanding how it moves.

3. Identity verification signals are no longer trustworthy

The third theme that kept surfacing this year was the quiet collapse of traditional trust signals.

Almost every major story we covered involved fraudsters exploiting something people already trust. Legitimate platforms. Real brands. Familiar tools. Normal workflows. In some cases, even real employees.

We watched fraud hide behind SaaS platforms, abuse services like GitHub and DocuSign, bypass authentication through session hijacking, and walk straight through the front door by posing as workers. None of that looks like a classic “attack.” It looks like business as usual until it isn’t.

The issue isn’t that controls are broken. It’s that many of the signals we still rely on were designed for a much simpler internet.

Login success. MFA completion. Known devices. Clean IPs. These no longer mean what they used to. For attackers, they’ve become the cost of entry.

As we head into 2026, trust can’t be something that’s granted once and forgotten. It has to be continuously evaluated based on behavior, context, and intent.

===

That’s all for this week (and year!). For more insights, follow us on LinkedIn or X, and if you want to learn more about what we do, visit www.specprotected.com.

‍

Ready to get started with Spec?

Get a demo

Nate Kharrl

Co-Founder & CEO

Nate Kharrl, CEO and co-founder at Spec, has built leading solutions for application security and fraud challenges since the early days of the cloud era. Drawing from his cyber experience at Akamai, ThreatMetrix, and eBay, Nate helped found Spec to focus on the needs of businesses operating in a landscape of increasing AI risks. Under Nate’s leadership, Spec grew from its mid-pandemic founding to raise $30M in venture-backed funding to build solutions used by Fortune 500 companies transacting billions in online commerce. Spec’s service offerings today include protective measures for websites and APIs that specialize in defending against attacks designed to bypass bot defenses and risk assessment platforms.

Frequently Asked Questions

How do fraud detection solutions work?

How do fraud detection tools stop account takeovers?

Fraud detection tools stop account takeovers by analyzing login patterns, monitoring unusual activity, and using AI to detect suspicious behavior. Features like device fingerprinting, bot detection, and behavioral analytics help businesses identify and block fraudulent login attempts. Spec’s fraud detection platform provides deep insights into user behavior, enabling companies to proactively stop ATO attacks.

How can businesses detect promo abuse?

Businesses can detect promo abuse by monitoring for unusual spikes in sign-ups, high redemption rates from the same device or IP, and accounts that exist solely to claim promotions. Patterns of repeated referral abuse, such as multiple new accounts linked to a single referrer, are also red flags. Tracking customer behavior throughout the entire journey helps identify suspicious activity before it escalates. Spec’s Customer Journey Security provides deeper insights to detect promo abuse in real time.

How can businesses prevent card testing attacks?

Businesses can prevent card testing attacks by implementing real-time fraud detection solutions that monitor and flag suspicious transactions. Using multi-layered authentication, CAPTCHA, rate limiting, and IP blocking can prevent automated bot attacks. Regularly reviewing transaction logs for unusual activity, such as multiple small transactions from different cards, can also help detect and stop fraudulent attempts before they escalate.

#61: Five-Star Trap, Holiday Shopping Scams, AI Companies on the Clock

Reviews, websites, ads, even entire storefronts can now be generated at scale. The burden of proof is quietly moving from the platform to the user and that’s a dangerous place to be.

B2B Agentic Commerce Will Dominate 2026

Agentic commerce is already emerging in B2B. Here’s what that means for the future of commerce, trust, and identity and what leaders need to prepare for.

#60: Zero-Click AI Browser Attack, Africa Fights Identity Fraud, RedNote Blocked in Taiwan

This week brought a mix of platform crackdowns, regional fraud shifts, and a new class of AI-driven attacks that turn everyday workflows into high-impact risks. Here are three developments worth your attention and what they signal for fraud teams watching the next wave form.

GET A PERSONALIZED DEMO

Ready to see Spec in action?

Get a demo

“With Spec, we can mitigate fraudulent activity, protect our revenue, and create a better user experience so that Indiegogo can remain a trusted crowdsourcing platform.”

Justin Orme

Payments Manager