Fraud attacks increased 8% globally in 2025, driven in part by synthetic identity fraud and increasingly automated online activity, according to a new Cybercrime Report from LexisNexis Risk Solutions.
The report draws on analysis of more than 116 billion online transactions observed through LexisNexis Risk Solutions’ Digital Identity Network between January and December 2025. It points to heightened pressure on sectors including ecommerce and gaming and gambling, and highlights the growing role of automated tools in account takeover attempts and payment-related attacks.
In Asia-Pacific, the cybercrime attack rate rose 12% year-on-year to 1.7%, exceeding the global average of 1.6%, the report said. Desktop browser channels recorded a 25% year-on-year increase in attacks to 6.9%, which the company attributed to more sophisticated automated activity.
Globally, LexisNexis Risk Solutions said synthetic identity fraud rose eight-fold year-on-year and now accounts for 11% of fraud incidents. The report characterised synthetic identity fraud as a longer-term tactic, where attackers assemble new identities from stolen attributes and then use those identities across multiple crimes.
The report also said ecommerce fraud attack rates grew 64% year-on-year, while attacks at login—often linked to attempts to take control of customer accounts—rose 216%. Gaming and gambling sites experienced a 76% rise in global attack rates, according to the report.
Beyond synthetic identities, the study highlights changes in automated traffic. It reported “agentic” traffic increased 450% between January and December 2025, largely linked to credit card payments and logins at gaming and gambling sites. While the report said there was no indication this activity was malicious, it flagged the trend as a longer-term challenge for fraud detection as organisations seek to distinguish between humans, bots and other automated agents.
Malicious bot attacks rose 59% in 2025, the report said, with bots increasingly able to mimic human behaviour in ways that can complicate behavioural detection techniques.
Regionally, LexisNexis Risk Solutions reported North America’s overall attack rate remained steady at about 2.2%, with attacks most frequently targeting login events and ecommerce. EMEA recorded a 27% year-on-year increase, which the report linked largely to account takeover attempts. In Latin America, synthetic identity fraud represented 48.3% of fraud, compared with under 10% in the region attributed to first-party fraud, the report said.
Stephen Topliss, vice president of fraud and identity at LexisNexis Risk Solutions, said attackers were “scaling automation” and using “advanced bots and AI-driven tools” to probe for weaknesses across digital customer journeys.
The methodology notes the report identifies fraud attempts through near real-time analysis of consumer interactions including account creation, logins, payments, password resets and transfers.
You can read the full report here.
