APAC saw a sharp rise in human-led attacks in 2024, with attack rates growing over 60% year-on-year and increasing 37% overall, according to the LexisNexis Risk Solutions Cybercrime Report 2025.

After years of rising global fraud, the report reveals that fraud is now plateauing in most regions. APAC, however, tells a different story.

In 2024, while global daily fraud attack rates rose by just 1%, APAC experienced a dramatic 61% surge in human-led attacks, driving a 37% overall increase in attack rates. This coincided with a 16% rise in digital transaction volumes, highlighting a growing gap between rapid digital growth and underdeveloped fraud defences in the region.

The report also shows fraud is increasingly driven by people rather than bots. Brute-force automation campaigns are declining, replaced by calculated, credential-based attacks. Fraudsters are exploiting weaknesses in identity checks, authentication layers and outdated digital know your customer (KYC) systems.

The Account Takeover Problem

Account takeover (ATO) fraud remains a dominant threat. Third-party ATOs made up 74.5% of fraud cases in APAC, rising from 66.3% the previous year. First-party fraud is responsible for 6.3% of cases.

This underlines a reality familiar to banks and fintechs: identity is still one of the easiest vulnerabilities to exploit. Even with improved onboarding and compliance processes, fraudsters continue to breach access. Once inside, the damage is often done. Staying ahead requires understanding where and how these attacks occur.

The Mobile-Desktop Mismatch

The LexisNexis Risk Solutions Cybercrime Report notes that mobile leads digital activity in APAC, making up 86% of all transactions, while desktop accounts for just 14%.

Despite its smaller share, desktop attracts just as much attention from attackers as mobile.

In 2024, fraud attempts were evenly split between mobile and desktop, with APAC’s desktop attack rate doubling the global average. This shows attackers haven’t abandoned older channels. Instead, they’re targeting areas with legacy infrastructure or weaker monitoring.

The notion that fraud has fully ‘gone mobile’ oversimplifies the reality. While mobile adoption grows, desktop remains a soft target.

Sectors Under Pressure

These trends aren’t impacting all industries equally. Communications, mobile and media platforms faced an 87% surge in attacks, while financial services saw a 54% increase. Both sectors also reported higher levels of bot-driven activity.

It’s unsurprising. These industries handle vast amounts of user activity, payments and personal data, making them prime targets for attackers. They often serve as gateways into larger fraud networks, enabling fraudsters to reuse, resell or scale stolen credentials across various attack methods.

Country-level Complexity

A closer look at country-level trends reveals a fragmented picture.

Singapore hit record highs in scam cases and losses, with a shift toward authorised push payment fraud. Japan saw a 77% rise in human-led attacks and a 40% increase in bot traffic. Hong Kong reported the highest fraud losses per capita, while Australia faced rising fraud despite declining bot activity.

There’s some progress, though uneven.

Malaysia mandated behavioural biometrics for banks, adding a new fraud detection layer. In 2024, Bank Negara Malaysia reported that there was a 52% decline in fraudulent unauthorised transactions that involved malware and phishing, the exact types of fraud that the security measures were designed to stop.

Australia introduced a cross-industry scam prevention framework with fines up to AUD $50 million for non-compliance. There has been a year-over-year decline in scam losses since then, with losses falling 13.1% in 2023 and then by a further 25.9% in 2024.

Singapore’s shared responsibility model assigns scam loss accountability but only for third-party fraud, while Thailand is still exploring a similar framework, though regulations remain unclear.

This lack of regional alignment allows fraudsters to pivot between markets, exploiting gaps in policy, enforcement and tech readiness.

AI in the Hands of Both Sides

The Cybercrime Report highlights AI’s growing role in fraud. Fraudsters are leveraging generative AI for document spoofing and synthetic identity creation, particularly during account onboarding.

On the brighter side, banks and fintechs are using AI-powered technology to spot anomalies in behavioural data, device intelligence and identity signals. While these tools are impactful, their effectiveness depends on robust data-sharing and well-trained models. Without them, even advanced tech has its limits.

Fraudsters Are Coordinating, but Are We?

The Cybercrime Report describes how interconnected fraud networks have become. Identities flagged in APAC often reappear targeting institutions in Europe and North America within days, giving attackers both scale and speed.

Yet, many institutions still combat fraud in silos, hindered by data privacy barriers, inconsistent regulations or a lack of shared infrastructure.

The firms that perform better are those integrated into shared intelligence ecosystems. As attacks grow smarter and APAC bears a disproportionate burden, some institutions are holding the line with layered defences, real-time monitoring and improved risk orchestration.

The tools exist. What’s missing is a unified playbook.

Download the APAC Cybercrime Report here.

Featured image: Edited by Fintech News Singapore, based on images by oleshkoart, bolshooylenny and andrew_derr via Freepik.