Online fraud comes in many guises and not just straightforward fraudulent transactions. All forms of it are detrimental to a business and can lead to financial loss, reputational damage and other problems. Let's examine the different forms of fraud.
Checkout abuse: This is the e-commerce equivalent of what's referred to as 'ticket scalping' where fraudsters purchase large numbers of tickets, depleting the supply and then reselling them at much inflated rates. This type of fraud is often achieved using an automated script to buy a volume of high-end, limited-edition products in minutes or seconds, depleting legitimate merchants' inventories, which are then resold for much higher prices.
Inventory hoarding: This form of fraud uses bots to put products in shopping carts, skewing inventory data and making products appear to be out of stock. Bots can also redirect customers to competitors' websites during busy shopping periods like Black Friday, or festive season shopping periods. Bots can wipe out inventory of an item in as little as two seconds with up to 40% of traffic to online shopping carts being attributed to bad bots.
Fraudsters are increasingly bypassing detection tools by emulating legitimate customers.
Loyalty fraud: Businesses offering loyalty programmes and reward points are the target of this form of fraud. A common scenario is where fraudsters employing account takeover tactics (ATO) steal points which can have real financial value, particularly in the travel and hospitality industries. For example, a customer might receive an e-mail from a criminal posing as an airline advertising a new promotion. Once the user completes their login info to the fake site, the fraudster quickly takes the stolen credentials and uses them to drain the real account of points. While the travel industry has long been a target of loyalty fraud, any business with reward points could be a target. With this type of fraud, criminals take advantage of the fact that consumers often don't monitor their loyalty points − sometimes letting crimes go undetected.
Promo and bonus abuse: This occurs when criminals create multiple fake accounts to take advantage of bonuses and promotions offered to new customers. While this type of fraud is widespread in the online gambling industry, it can occur anywhere that businesses offer financial incentives for new account signups. While simple in nature, promo and bonus abuse fraud can be extremely lucrative when conducted at scale. Because fraudsters have become more sophisticated and agile in their responses to efforts to detect and stop their schemes, classic online fraud detection approaches struggle to detect these more complex methods. At an increasing rate, fraudsters manage to bypass detection tools by emulating legitimate customers.
Where does fraud strike (by industry)?
Due to the dramatic increase in internet use across the globe, online fraud has grown into a systemic problem today. Industries storing a significant amount of personally identifiable information (PII), financial data, or both, are very attractive targets for fraudsters.
Financial services:
Financial institutions are among the most frequent targets of online fraud. Identity theft can be a particularly powerful tool for fraudsters looking to commit financial scams. Account takeover with banks and credit card companies can happen when fraudsters acquire a victim's personal information. Credentials may be stolen, or a bank employee acting in bad faith may even sell sensitive personal account information to fraudsters. With critical account numbers, criminals can transfer cash and drain funds.
KNOW MORE
Cyber security professionals can join hundreds of industry peers at ITWeb Security Summit Cape Town 2026 and ITWeb Security Summit 2026 in Johannesburg, where expert speakers will explore how organisations can stay resilient in the face of AI-driven attacks and an increasingly complex threat landscape.
Other forms of fraud that hit this sector include new account fraud often initiated using a stolen or synthetic ID. With the ability to impersonate victims, fraudsters will brazenly apply for new credit card accounts or even loans from a large number of vendors. Once the new accounts are active, criminals will generate massive debt on anything from retail shopping sprees to new vehicles.
Authorised push payment fraud is often linked to social engineering in the financial sector. For example, a victim might receive an e-mail or SMS from a source claiming to be their bank or credit card company. The message is written in an exclamatory tone warning that the user is “late on a payment”. In turn, they urge the person to transfer money immediately with an app like Zelle to avoid penalties for late payments.
Retail and e-commerce:
With nearly 20% of all shopping happening online in today's retail market, e-commerce fraud is a widespread problem.
ATO happens when fraudsters steal credentials and log into accounts to acquire PII, payment info, or change the shipping address to reroute packages. In other instances, they might take over an account in good standing and make purchases with a stolen credit card. In turn, this leaves the legitimate user 'responsible' on paper for using a stolen form of payment.
New account fraud occurs in e-commerce when criminals create fake accounts and let them age to get them into good standing. These shrewd fraudsters are aware that threat policies often attribute lower risk scores to long-standing accounts. When sufficient time has passed, criminals then add stolen banking details or credit cards to the account to make fraudulent purchases.
Checkout abuse occurs regularly through guest checkout options on websites. While businesses offer guest checkout to avoid cart abandonment, it leaves them vulnerable to fraudsters. Armed with stolen credit card data and PII acquired through ATO and/or identity theft, criminals utilise sneaker and ticketing bots to make purchases. In turn, fraudsters will attempt multiple purchases at the same time from unique IP addresses to overwhelm a system.
Healthcare:
Data gathered from 2024/2025 research indicates the healthcare sector is the number one attacked industry for cyber crime and fraudulent activities. Cyber attacks can wreak havoc on organisations, severely damaging their reputations and life-critical missions.
ATO is common in this sector where fraudsters use someone else's name and health insurance card to receive medical benefits, such as prescription drugs and doctor visits. While these crimes are perpetrated in person, they begin online when fraudsters overtake accounts on health insurance websites. When a patient's medical records are tarnished with fraudulent activity, the ramifications are felt by other healthcare stakeholders, such as payers and retailers. This problem can persist for years.
New account fraud in healthcare is directly linked to identity theft and the acquisition of stolen PII. Again, this type of new account fraud is commonly traced back to some type of weak point found online − such as poor password management.
The bottom line is that 'fraud' itself is now a global industry that knows few or no barriers and opportunities for growth. Organisations in all sectors no longer have the luxury of considering whether they should engage with the right partners and products to protect their interests − it has become a business-critical issue.
Share
