The Industry Speaks: Fraud Awareness Week 2025

Phishing attacks remain the leading cause of fraud because they exploit human instinct, and no technology can fully compensate for a moment of misplaced trust. Real resilience comes from combining strong identity controls with a culture that encourages people to pause, question, and verify before they click. To truly reduce their risk surface, organisations must invest as much in culture and awareness as they do in identity security.

As organisations strengthen their defences, it’s crucial they don’t overlook the human element. Cyber security hygiene starts with identity security – ensuring every user, machine, and system has the right access privileges, and that people understand the value of that access. Cyber security is as much a cultural issue as it is a technical one. When employees recognise that a single click can compromise an entire organisation, behaviour starts to shift from compliance to accountability – and that’s when real resilience begins.

Sam Salehi
Managing Director ANZ at Qualys

The recent wave of Qilin ransomware attacks – impacting Australian organisations from construction and manufacturing to financial services – highlights that the most at-risk part of any cyber security strategy isn’t technology, it’s people. Many of these breaches start with a single, targeted phishing email that manipulates trust. One wrong click or misplaced credential can open the door for attackers to move laterally across networks, exfiltrating data and deploying ransomware with devastating speed.

As AI reshapes the threat landscape, these human vulnerabilities become even more exploitable. Threat actors are using AI to automate reconnaissance and craft highly personalised phishing campaigns that are faster, more convincing and far harder to detect.

To counter this, organisations must adopt a risk-based approach that aligns security investments to business context – prioritising protection of the assets most critical to operations and continuity, while investing equally in human-centric education and training to recognise AI-generated phishing and deepfake content.

While AI will increasingly automate tasks such as vulnerability scanning and incident response, true resilience is only as strong as your first line of defence – your people. Building a culture of awareness, verification, and accountability ensures every user understands their role in managing risk.

Trevor Winstaff
Chief Product Officer & Co-Founder at Zepto

While the payments sector has made strides in improving how money flows through the economy in real-time, legacy fraud controls have not kept pace with this innovation. As payment systems move to near-instantaneous transfers, the window to intercept scams or approve transfers shrinks to virtually zero.

In 2024, bank transfers were the most reported payment method for scams, and 1 in 10 Australians experienced card fraud, resulting in a total loss of $2.1 billion – and that only accounts for what's reported. For both businesses and consumers, the threat of invoice fraud, compromised supplier details, and fraudulent bank transfers is a constant, increasingly costly battle.

VIEW ALL

Now that Confirmation of Payee is live across Australian banks, the baseline should shift beyond legacy checks: verify the name, BSB, and account number and signify a clear match before money moves. Layering intelligent risk signals and fit‑for‑purpose controls further reduces fraud and failures while keeping customer journeys fast. Confidence before money moves must become the standard as the threat of fraud continues to rise for both businesses and consumers.

Patrick Harding
Chief Product Architect at Ping Identity

Agentic AI is transforming the fraud landscape at an unprecedented pace. With autonomous decision-making and adaptive learning capabilities, fraudsters now use AI to craft context-aware phishing schemes and deepfake videos and voices that blur the line between authenticity and manipulation. These intelligent scams are rapidly eroding consumer trust, with 39 per cent of consumers (according to the Ping Identity ‘Bridging the Trust Gap in the Age of AI’ report) citing AI-driven phishing as their top modern fraud concern.

International Fraud Awareness Week underscores the urgent need for vigilance in this new era where defence and deception are evolving in parallel. Intelligent threats demand equally intelligent defences. Organisations must invest in systems that detect and respond to attacks in real time while continuously learning and adapting to new tactics. Effective identity and access management now requires evaluation of the full context behind each agentic AI access request, including intent and behaviour. By combining adaptive authentication with AI-driven fraud detection, organisations can anticipate emerging risks, strengthen digital trust, and protect identities in an increasingly autonomous and agentic world.

Erich Kron
CISO Advisor at KnowBe4

This Fraud Prevention Awareness Week is a timely reminder that personal vigilance and organisational defence go hand in hand. Strong digital hygiene doesn’t happen by accident. It requires ongoing awareness and consistent training. Our 2025 Phishing Benchmark Report shows that while 33.1 per cent of users initially fall for simulated phishing emails, that figure drops to just 4.1 per cent after a year of cyber security education and training.

By embedding security into the culture of an organisation, employees become part of the solution. Encouraging people to report suspicious messages, use strong and unique passwords, and question what doesn’t look right helps create a workplace where security becomes part of everyday practice.

Fraud prevention starts with each one of us. By staying alert, speaking up, and supporting one another, we can detect fraud early and stop it before it causes harm.

Nigel Tan
APAC SE Director at Delinea

Identity fraud is now the top self-reported cyber crime affecting individuals in Australia, accounting for almost 30 per cent of cases. That tells us something important: scammers don’t need highly sophisticated methods when the basics of identity security are still being overlooked.

Small improvements in the way we manage our digital identity make a noticeable difference. Identity is the starting point for most cyber incidents – whether it’s an individual or a business. Most scams begin with reused passwords, outdated logins, or personal details already circulating from past breaches. Using unique passwords, turning on multi-factor authentication, and being cautious with unexpected requests for information all help limit how far an attacker can get.

When credentials are stolen or guessed, criminals can quickly move through personal accounts or impersonate the victim. A single weak point becomes the stepping stone for further fraud, which is why tightening the fundamentals is more effective than trying to keep up with every new tactic.

Protecting your identity isn’t about staying across every new threat. It’s about tightening the basics. A few simple changes make it significantly harder for criminals to impersonate you - and far easier for all of us to stay safe online.

Adhil Badat
Managing Director at Rackspace Technology  

As cloud adoption accelerates, fraud is becoming more sophisticated and harder to detect. International Fraud Awareness Week is a timely reminder that digital transformation must be matched by fraud resilience.

Rackspace’s 2025 State of Cloud Report shows that AI is now central to cloud strategy, with 84 per cent of organisations integrating it to enhance analytics, operational efficiency and security. Yet many are still navigating skills shortages and governance gaps, which can leave deployments vulnerable to misuse, especially as AI becomes more embedded in operations. Notably, 50 per cent of organisations cite security as the top roadblock to effective cloud management, underscoring the urgency of embedding fraud resilience into digital transformation.

Fraud is no longer just a security issue; it’s a strategic risk. Organisations need to move beyond reactive controls and embed fraud awareness into cloud governance, employee training, and operational culture. As AI continues to reshape how businesses operate, fraud prevention must evolve in parallel, not as a compliance checklist, but as a core part of digital maturity.