A new industry analysis of more than 116 billion online transactions in 2025 shows an 8% rise in global fraud attacks driven by rapid growth in synthetic identity fraud, agentic traffic and increasingly human‑like malicious bots.
The report highlights particular pressure on ecommerce and online gambling, and flags regional variations that matter for security leaders across Asia Pacific.
The study finds first‑party fraud — where customers themselves abuse services — remains the single largest category globally, accounting for around 38.3% of reported fraud. But synthetic identity fraud is the fastest‑growing type, now present in roughly 11% of cases worldwide and up eightfold year‑on‑year.
A striking development for 2025 was a 450% increase in agentic traffic over the year, concentrated around credit‑card payments and logins on gaming and gambling sites.
While the analysis does not categorise all such agentic activity as malicious, the emergence of autonomous agents alongside human users and traditional scripted bots introduces a new classification problem for detection tools and policy controls.
Malicious bots are also becoming harder to distinguish from humans. The report records a 59% rise in malicious bot attacks during 2025, noting these bots increasingly mimic human behaviours — for example cursor movements and interaction timing — to evade behavioural detection. Peaks in automated testing and attack activity were observed in March–April and again in August 2025.
Sectors most affected include ecommerce, where attack rates rose 64% year‑on‑year, and online betting and gaming, which saw a 76% increase. Account takeover attempts grew sharply, with login attack rates rising 216% as fraudsters sought to seize established customer accounts.
The analysis emphasises that regions such as APAC experienced both strong digital transaction growth and rising fraud activity, with attack rates in the region increasing to 1.7% and desktop browser attacks becoming more common.
The report quotes an industry fraud executive who observed that cybercriminals are adopting the same automation and AI tools available to legitimate businesses, increasing the need for better differentiation between human users, conventional bots and autonomous agents.
The executive added that collaboration across organisations — from shared intelligence to cross‑industry analytics partnerships — is becoming more important for effective defence.
For security teams, practical implications include prioritising detection approaches that combine device, behavioural and network telemetry; expanding controls against synthetic identities (for example through stronger onboarding verification and cross‑channel identity stitching); and updating account‑takeover defences to address automated agent strategies.
Intelligence‑sharing and coordinated response playbooks are also highlighted as critical to keeping pace with increasingly automated fraud campaigns.
