Sumsub has published its Fraud Exposure Survey 2025, revealing that fraudsters are increasingly turning towards large-scale identity takeovers.

The report draws comparisons between internal identity verification and user activity data from 2026 and 2025, with specific data from 2023 also taken into account in certain instances. Sumsub analyzed 4 million fraud attempts and surveyed more than 1,200 end-users across Latin America, North America, Europe, Asia, Africa, and the Middle East, as well as over 300 fraud and risk professionals from various sectors including banking, crypto, payments, e-commerce, trading, and iGaming.

Financial loss remains a significant concern, with 84% of fraud cases in the APAC region now involving social media and government portal account control. These scams are often powered by AI and fraud-as-a-service tools but have shifted towards carefully planned and resource-intensive attacks that can cause greater damage.

Statistics from the APAC Region

As identity fraud evolves into a more sophisticated landscape, Sumsub identified two distinct categories: first-party fraud, where verified users are the perpetrators, and third-party fraud, where external actors exploit victims or impersonate them. The APAC region has responded with stricter regulations, such as Singapore’s Protection from Scams Act of 2025, which can freeze or limit scam-related accounts.

The study found that 53% of APAC consumers experienced fraud in 2025, with phishing and weak passwords being the main weaknesses. More than half reported encountering deepfakes online, highlighting the increasing sophistication of synthetic media. This led to issues like social media account takeover, stolen funds, individuals tricked into sending money, and a compromised government portal, prompting 89% of consumers to choose providers with robust anti-fraud systems.

Businesses faced similar challenges, with 69% experiencing fraud in 2025. Leading schemes included synthetic identity fraud, chargeback abuse, deepfakes for bypassing verification, and application fraud. Third-party attacks targeted businesses through identity theft, card testing, account takeover, and bot-driven attacks. Companies that failed to protect consumers risked financial losses and consumer churn.

Sumsub believes that human weakness fuels digital crime, amplified by AI-driven social engineering tactics such as deepfake-enabled calls, emails, and impersonations, which are weaponized for targeted fraud. Scammers exploit identities to unlock more monetization opportunities. Bad actors hijack verified accounts through SIM swaps, phishing, stolen credentials, and other means, allowing them to move funds, change account information, and add payment methods.

These attacks occur across borderlines where synthetic and stolen IDs reinforce each other’s legitimacy. Businesses anticipate an accelerating trend in AI-powered fraud and organized attempts, with 88% expecting more such attacks and 55% expecting a rise in coordinated efforts. Consequently, 63% of businesses advocate for stricter regulations, viewing compliance as key to safeguarding growth and reputation.