Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

That question reflects a growing reality inside airline security teams. Account takeover is no longer a downstream fraud event. It is an access-layer problem driven by adversaries who specialize in impersonation, reverse proxies, and rapid monetization of loyalty accounts. For Cyber Threat Intelligence teams, the mission is not to clean up after fraud. It is to disrupt adversary capability early, attribute campaigns accurately, and break the kill chain before customer harm occurs.

Globally, companies lost an average of 7.7% of their annual revenue to fraud, according to TransUnion’s 2025 Digital Identity Risk Accelerates Fraud Losses report. In the US, companies reported revenue losses of 9.8%, a 46% increase from the previous year. That’s hundreds of billions of dollars heading into the hands of fraudsters. And those stats don’t account for the loss of trust, hit to brand reputation, and time and resources spent on mitigating and resolving the fraud.

An identity mule is someone who is compensated for sharing their identity. They may be asked for pictures of their identification documents and video selfies. Or, instructed to create an account and complete an identity verification flow before handing over the account’s credentials to a bad actor. The fraud cat-and-mouse game is taking a new turn. As organizations get better at detecting deepfakes, some bad actors are using real people’s identities to commit fraud.

All over the world, companies are seeing a rise in fake job applicants. You may have experienced it yourself: dozens of near-identical resumes arriving within hours, or candidates who refuse to turn on their camera during video interviews. Remote hiring, global talent pools, AI-generated resumes, and increasingly sophisticated fraud networks have profoundly changed the hiring landscape. Traditional hiring processes were never built to defend against the types of candidate fraud we’re seeing today.

Let’s be honest: in 2026, the traditional “firewall” is a bit of a relic. Having spent years analyzing how threat actors operate, I can tell you they aren’t banging on your front door anymore. Why would they? It’s much easier to build a pixel-perfect replica of your front door down the street and trick your customers into handing over their keys there.

From fake ads to tech support fraud, see how scammers exploit Facebook and how to protect your data and money. Facebook may feel like a safe place to connect, but scammers are increasingly using its ads, posts, and messages to deceive users. Here’s how cybercriminals are turning your feed into a gateway for fraud and what you can do to stay protected. When you open Facebook, you might expect birthday alerts, travel snapshots, or quick messages with friends.

Scammers stole an estimated $17 billion worth of cryptocurrency in 2025, according to a new report from Chainalysis. Notably, the report found that AI-assisted scams stole 4.5 times more money than scams that didn’t leverage AI. “Our analysis reveals that, on average, scams with on-chain links to AI vendors extract $3.2 million per operation compared to $719,000 for those without an on-chain link — 4.5 times more revenue per scam,” the researchers write.

Memcyco recently featured in an ITSP Magazine podcast episode snippet, which this post is based on. You can listen to the full feature here, or below. Our thanks go to the podcasters for having our CEO, Israel Mazin, on with them. Account takeover attacks are surging, fueled by off-the-shelf phishkits and AI tools that make it faster and cheaper for bad actors to impersonate trusted brands and steal customer credentials.