16 hours ago
14
“Scammers ignore national borders, so defences must do the same,” Driver says. “A fraud scheme engineered overseas can easily emerge elsewhere, underscoring the importance of sharing even minor data signals across borders and industries.”
Dan Elliott, field chief information security officer at Recorded Future, says criminals are rapidly evolving their tactics. “Typosquatting is surging – criminals register domains nearly identical to legitimate businesses, creating ‘watering holes’ that harvest login credentials from visitors who mistype a URL, or lend credibility to phishing emails,” Elliott explains. “AI-generated deepfakes have become nearly undetectable. Attackers use synthetic voice and video to impersonate executives, making it almost impossible to distinguish fake from real.”
Collaboration, not silos
The globalisation of scams exposes the limits of national responses and one-off technology fixes. Criminal groups work across multiple jurisdictions, deploying the same infrastructure in several markets and exploiting gaps between financial systems. Collaboration is now as important as technology.
Elliott emphasises that the more intelligence moves freely between partners, the fewer blind spots scammers can exploit. “Criminals watch what works among their peers – whatever gets them to their goal quickest. By analysing data across regions, we can better predict criminal tactics and apply effective security controls before attacks become widespread.”
Recorded Future works with partners including Mastercard to track and analyse indicators of compromise across global networks. This upstream approach lets organisations identify and disrupt fraudulent activity before it reaches customers.
Notably, intelligence sharing is accelerating in Australia, with institutions joining the Australian Financial Crimes Exchange (AFCX) and other platforms to pool insights and respond rapidly to emerging threats.
Long-term resilience depends on clear priorities, shared responsibility, and preparation for worst-case scenarios, not just reactive clean-ups.
“Executives and security leaders need to define success together, recognising that attacks will occur. Know what you own – your assets, both hardware and software – because you can’t protect what you don’t know exists. Then, consider all the players: internal stakeholders, external partners, and, from an offensive perspective, know your enemy – their motivations, tactics, and targets,” Elliott says.
Partnerships are key
Addressing these threats requires collaboration across sectors, not just individual efforts. “Partnerships among financial institutions, regulators, and technology providers are crucial in combating scam activity,” Driver says. “Scam prevention goes beyond business, it impacts society as a whole. Effective collaboration is essential for building digital trust on a large scale.”
Recent industry data shows that scam losses in Australia are steadily decreasing, thanks to these co-ordinated efforts. Customer-owned banks have reported significant drops in scam losses after boosting their defences, and voluntary standards adopted by the sector are making a measurable impact.
Behavioural analytics is another part of the response. “Behavioural analytics lets us move from detection to prediction,” Driver says. “Instead of waiting for a rule to trip after the fact, we learn what ‘good’ looks like across identity, device, location, velocity, and spending patterns, so when something doesn’t fit, we can flag risk before a transaction is approved.”
The fight against scams extends beyond banking. Australian banks are collaborating with telecommunications companies, social media platforms, and government agencies to build a comprehensive ecosystem for scam prevention. This cross-sector approach is critical to closing gaps exploited by criminals and ensuring that intelligence flows freely between all stakeholders.
Australia’s regulatory response is also evolving, with governments investing in joint taskforces and prevention programs designed to bring together banks, telcos, and the digital sector. “Cyber criminals don’t respect industry boundaries, so looking at payment fraud and e-skimming allows our research teams to uncover additional criminal trends. In a broader sense, our partnerships enable more effective collective security,” Elliott says.
For businesses, predictive protection is increasingly a commercial imperative, not just a compliance exercise. The impact of scams goes beyond immediate financial loss, often affecting reputation, customer trust, and creating expensive clean-up work. “There is a significant need to shift our activities further to the left, well before an attack could occur,” Elliott says.
To find out more, please visit Mastercard.
