The Evolution of Fraud

Protecting your business from phishing, impersonation, and AI-driven fraud

Fraud is no longer a background risk — it’s something most organizations are actively dealing with in one form or another. And it’s evolving quickly. In 2025, the FBI’s Internet Crime Complaint Center (IC3) reported $20.8 billion in losses, with business email compromise schemes accounting for $3.04 billion.¹

A more sophisticated threat landscape

What’s changed isn’t just the volume — it’s the sophistication. Fraudsters are using automation, artificial intelligence, and coordinated, multi-channel approaches to get around traditional safeguards. That means the old playbook — spotting obvious red flags in a suspicious email — isn’t enough anymore.

Today’s attacks can show up across:

• Email, text messages, and phone calls
• Collaboration platforms
• AI-generated voice and video impersonation

Organizations that manage this well take a broader view — combining employee awareness with strong, well-designed processes that make fraud harder to execute in the first place.

Understanding how these attacks work

At the core of most attacks is social engineering — manipulating someone into taking an action they normally wouldn’t, like sharing sensitive information or approving a payment.

Common forms include:

• Business email compromise (BEC) — fraudulent payment requests or account changes
• Vendor and invoice manipulation
• Payroll diversion fraud
• Account takeover using stolen credentials
• Email thread hijacking and impersonation
• Multi-channel attacks combining email, text, and phone

Artificial intelligence is accelerating these tactics — enabling deepfake voice calls, highly personalized phishing messages, and synthetic identities. Traditional warning signs are becoming less reliable.

What effective protection looks like

Protecting your business comes down to combining awareness with structure. The most effective organizations build layered defenses into everyday processes. Key practices include:

• Requiring dual approval for payments and payment changes
• Using out-of-band verification — confirming requests through a separate, trusted channel
• Establishing consistent vendor validation procedures
• Monitoring for unusual or urgent requests
• Applying zero-trust principles and multifactor authentication
• Training employees to recognize modern fraud tactics, including AI-driven impersonation

Just as important is a mindset of verification. Unusual or urgent requests should always be confirmed independently— especially when money or sensitive data is involved.

A business process risk, not just a cyber issue

Fraud today targets people, systems, and workflows at the same time. Addressing it effectively means designing processes that make fraudulent activity harder to carry out and easier to detect.

If you’d like to talk through how this applies to your organization, Webster Bank can help. From fraud prevention tools to treasury support aligned with your day-to-day operations, the goal is to help you stay a step ahead of an increasingly complex threat landscape.

¹ FBI Internet Crime Complaint Center’s 2025 IC3 Annual Report

The information and opinions presented are current only as of the date of writing, without regard to the date on which you may access or read this information. All opinions and estimates are subject to change at any time without notice. This material may not be reproduced or redistributed without Webster Bank’s express written permission. All credit products are subject to the normal credit approval process.