The story of online fraud is entering a new chapter. According to identity verification and fraud prevention firm Sumsub, 2026 will mark the year of the start of what it describes as the “sophistication shift”, a fresh phase of digital crime powered by AI and the rise of professionalised fraud-as-a-service operations. .
Speaking at a recent media briefing, Sumsub’s Penny Chai pointed out that cyber crooks are evolving beyond “spray and pray”, the blunt-force tactics of the past where untargeted attacks are conducted at massive scale, relying on sheer volume to succeed.
“Attackers are now more strategic, taking time to plan their strikes,” said aid Chai, Sumsub’s vice-president for Asia-Pacific. “When they succeed, they make a lot of money.”
One of the latest tactics is telemetry tampering where cyber actors block, modify or inject wrong data and signals to confuse digital defensive systems. By obscuring the information used to detect abuse, intrusions or fraud, cyber criminals can move undetected and operate with greater precision.
Adding to this complexity is the rise of AI fraud agents, autonomous systems that use GenAI, automation and behavioural mimicry to carry out full verification attempts end to end.
These self-learning bots can repeatedly attack specific websites and accounts, learning and fine-tuning as they go in a cycle of continuous improvement until they succeed in their attempts.
Just a few years ago, the cybersecurity race focused on leveraging machine learning to spot anomalies and anticipate attacks. Organisations with deep pockets and the right expertise spent heavily on advanced tools and expert analysts to stay ahead of the next big data breach.
In 2025, this strategy changed. The plot took a twist. Attackers became technologists themselves, acquiring sophisticated technical skills and churning out attack toolkits that allow criminals to launch full-scale phishing campaigns, ransomware operations and deepfake scams with minimal effort.
These tech-savvy criminals now build and sell tools for ransomware, phishing, scams and more, with the dark web acting as their bustling marketplace. Non-techie criminals can acquire and deploy them.
Other cyber firms like Ensign Infosecurity have reported similar trends of cybercrime-as-a-service, where cyber crooks are getting sharper and more relentless, leaning hard on technology to pull off digital heists.
Chai highlighted that in the Asia-Pacific region, the cyber fraud landscape is more nuanced. Similar to global trends, the types of fraud have swung sharply away from crude, low-effort forgeries toward AI-driven deepfakes, synthetic identifies and persistence-based schemes.
But the rise of fraud in the Asia-Pacific region is uneven. In the developed economies like Singapore and Australia, fraud rates are falling due to stronger regulations. In the emerging economies, the AI-fraud rates are surging.
Even as the developed economies increase their watchfulness, the fraudsters are becoming more persistent, deploying sharper, harder to detect attacks.
Another trend Chai flagged was the growth synthetic data. Fraudsters are creating entire synthetic identities including names, addresses and dates of birth. They are generated with AI and paired with high-quality deep fakes, she said.
“Fraudsters combine these fake identities with other strategies to create more damaging attacks, retreating from older tricks such as simple forged or stolen identities that regulatory systems now detect more easily,” she said.
In 2026, the Asia-Pacific region is expected to be a testbed for global fraud innovation, she cautioned.
GenAI has become the default method of attack. Deepfakes will expand into multi-modal fraud, combining voice, video and tampered telemetry to overwhelm liveness and behavioural checks.
South Asia is emerging as a hub for synthetic identity rings and cross-border rings are poised to become the new norm. Governments will have to collaborate closer and share intelligence.
Attackers are also shifting to high-value targets such as trading platforms and high-limit financial accounts as they focus on securing larger payouts.
This new sophistication shift is resulting is a digital face-off on equal footing: good tech nerds versus bad tech nerds, each racing to out-code the other.
Sumsub’s report argues that pairing advanced detection technologies such as behavioural analytics, multi-modal AI checks, federated fraud intelligence with regional regulatory alignment can close gaps criminals exploit.
