ARTICLE
16 July 2025

Fraud has evolved - has your organisation?

K
KordaMentha

Contributor

KordaMentha, an independent firm in Asia-Pacific, specializes in cybersecurity, financial crime, forensic, performance improvement, real estate, and restructuring services. With a diverse team of almost 400 specialists, they provide customised solutions to help clients grow, protect from financial loss, and recover value. Trusted since 2002, they deliver bold, impactful solutions for clients.
Fraud risk is accelerating. Many organisations are not adapting fast enough.
Australia Criminal Law

At this year's 36th ACFE Global Fraud Conference, one message was clear: fraud risk is accelerating, and many organisations are not adapting fast enough.

While businesses often feel confident in their controls, awareness campaigns, and reporting frameworks, that confidence is frequently based on outdated assumptions. The reality is that the nature of fraud has changed, and the threat now extends beyond traditional boundaries.

Fraud is no longer just a compliance issue. It has become a strategic business risk that impacts trust, operations and reputation. Today's offenders are well-resourced, technologically sophisticated and opportunistic. They are using the same digital tools and platforms as their targets, including artificial intelligence and behavioural data, to create convincing, hard-to-detect attacks. To remain resilient, organisations must view fraud risk as a whole-of-business issue, embedded into strategy, not relegated to the risk or audit team.

The modern fraud landscape is increasingly shaped by digital behaviour. Offenders are exploiting remote and hybrid work environments, leveraging AI to create synthetic identities and deepfakes, and taking advantage of employee behaviour patterns that don't show up in traditional monitoring systems. In this environment, simply relying on transactional analytics is not enough. Detection must also consider context and behavioural cues.

Challenging assumptions

Several longstanding assumptions around fraud are being challenged. Many organisations believe that strong internal controls are enough to prevent insider fraud. But when staff are working remotely and digital footprints become harder to track, behavioural analytics become essential. Others assume that fraud involving cryptocurrency is limited to dark web markets. In reality, crypto is now commonly used in scams such as romance fraud and false invoicing, taking advantage of the speed and anonymity that digital currencies can provide.

Artificial intelligence, often viewed as a silver bullet in fraud detection, is another area where optimism must be tempered. AI can absolutely assist in identifying anomalies and patterns, but it is also enabling offenders to scale and personalise attacks. Generative AI is being used to create fake voices, realistic-looking videos and sophisticated social engineering campaigns. The same tools that help prevent fraud are now also being used to commit it.

Whistleblower programs are another critical line of defence that are not delivering their full potential. Many leaders believe their whistleblower channels are working effectively. But insights from the ACFE conference made it clear that there is still widespread distrust in these systems, with fears of retaliation and organisational inaction preventing staff from speaking up. Without cultural change and leadership support, whistleblowing remains underutilised.

How is Australia faring?

In comparison to the rest of the world, Australia is performing well in some aspects of fraud prevention. Public awareness campaigns, banking regulation, and real-time payment system security are generally strong. However, other areas are lagging behind global best practice. Australia has a somewhat fragmented national fraud intelligence system, digital identity protection remains piecemeal across state and federal levels, and although whistleblower protections exist, there are still cultural impediments to overcome. Other countries are making faster progress, particularly Singapore with its unified digital ID framework and the United States, where significant investment is being made in deepfake detection technologies.

Several emerging fraud risks are also flying under the radar locally. Digital identity fraud is increasing, with platforms such as MyGov being impersonated in phishing and credential theft campaigns. ESG and green finance-related fraud, including the manipulation of carbon credit schemes, is growing internationally and is expected to become more common in Australia. Social media investment scams are also on the rise, often targeting multicultural communities and younger audiences. Employee-enabled fraud involving payroll and superannuation is another risk area as businesses rely more heavily on digital workflows and third-party platforms.

What are leading organisations doing?

Some of the most innovative strategies showcased at the conference focused on adapting to this evolving risk environment. Organisations are now deploying Explainable AI (XAI) to improve confidence in automated fraud detection. Natural language processing (NLP) is helping triage whistleblower reports, allowing urgent or credible allegations to be prioritised quickly. Red-teaming and simulation testing are being used to assess fraud readiness in real-world scenarios. Behavioural biometrics are being applied to monitor how users interact with systems, providing another layer of protection against credential-based attacks.

What sets these organisations apart is a mindset shift. They no longer see fraud as something to be managed by compliance teams in isolation. They recognise fraud as a board-level concern that requires regular investment, ongoing education and cultural leadership. There is a growing awareness that overconfidence and complacency are among the most dangerous enablers of fraud. In too many cases, organisations assume they are not a target or that their controls are infallible. In practice, these assumptions can lead to significant damage.

The consequences of being caught off guard can be severe. Beyond financial loss, organisations face reputational harm, regulatory scrutiny, operational disruption and in some cases, legal consequences for leadership. The collapse of Wirecard in Germany, involving billions in fraud and the arrest of its CEO, is a stark example of how internal failings and ignored red flags can escalate. While the scale may differ, the underlying vulnerabilities are often the same across industries and geographies.

What can you do now?

For leaders who want to take immediate action, a simple but highly effective first step is to hold a short "Fraud Reality Check" with their executive team. This 30-minute discussion should focus on four key questions: When was our last fraud risk assessment? What emerging threats are we not actively monitoring? If a major fraud occurred tomorrow, would we be ready? And where in our business is fraud most likely to occur? The answers often reveal blind spots and provide a clear direction for improvement.

It is clear that fraud is no longer just a matter of numbers. It is about trust, leadership and adaptability. The businesses that will be best positioned for the future are those that move beyond reactive measures and begin building fraud resilience as a strategic priority. Fraud has evolved. The question is, has your organisation?

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More