How organised cybercrime is overwhelming banks’ AML defences


Organised fraud has transformed into a sophisticated, cross-border industry extracting tens of billions from the US economy every year.

According to Consilient, what once appeared to be isolated incidents of deception now bears a striking resemblance to a coordinated financial supply chain — one in which victims are sourced, groomed and exploited, while proceeds are funnelled through regulated institutions with alarming speed and intent.

The human cost is immediate and deeply personal. Retirement savings wiped out overnight. Small businesses destabilised. Families left financially exposed with little recourse. But the systemic implications extend far beyond individual hardship.

According to the FBI’s Internet Crime Complaint Center (IC3), reported cyber-enabled fraud losses in the US now exceed $16bn, with investment scams alone accounting for more than $4bn of that total. The Federal Trade Commission has recorded similarly sharp increases. Crucially, these figures reflect only reported cases — underreporting remains widespread, meaning the true economic toll is almost certainly considerably higher.

So the question is no longer whether scams are increasing. It is whether the financial system is structured to disrupt them, and at scale.

The industrialisation of online scams

Today’s scam networks bear little resemblance to the opportunistic schemes of a decade ago. They function more like structured enterprises, with dedicated teams handling initial outreach, social engineering, payment processing and fund movement. Law enforcement and investigative reporting have documented large compounds in certain regions housing hundreds of operators running investment and romance scams with scripted playbooks.

But this is not a geographically contained problem. Business email compromise schemes, ransomware operations and large-scale investment fraud networks regularly operate with defined hierarchies and affiliate models. Ransomware groups, for instance, commonly run on a “ransomware-as-a-service” basis — providing infrastructure to affiliates in exchange for a share of proceeds, mirroring legitimate software distribution models.

Generative AI has accelerated this industrialisation further. Fraudsters can now produce tailored phishing emails, realistic voice clones and multilingual scripts at scale, dramatically lowering the barrier to convincing deception. The cost of producing credible fraudulent content has collapsed, while potential returns remain high. The number of scam pages created via generative AI quadrupled globally between May 2024 and April 2025, with more than 38,000 new scam pages generated per day.

The UN Office on Drugs and Crime has warned that “cyber-enabled fraud operations in Southeast Asia have taken on industrial proportions.” One UNODC author told ProPublica: “Banks have never been targeted at this scale, in these ways.” It is also worth noting that, according to the UN Human Rights Office, hundreds of thousands of people have been trafficked and are being held in scam centres across Cambodia, Myanmar, Laos, the Philippines and Thailand.

From victim acquisition to financial system monetisation

Understanding why this has become a system-level issue requires following the full lifecycle of a scam operation.

The first stage is victim acquisition. This may involve phishing, impersonation of trusted institutions, social grooming through dating platforms, or malware that captures credentials. Increasingly, these methods are combined — a victim might first encounter a scam via social media, be directed to a fraudulent investment platform, and then be persuaded to transfer funds through what appears to be a legitimate banking channel.

The second stage is extraction. Investment scams now represent the largest category of reported losses in the US, according to IC3 data. Business email compromise remains a persistent threat to corporate treasuries, with fraudsters manipulating payment instructions and vendor communications. Ransomware adds a further dimension, coercing organisations into payment under threat of operational disruption or data exposure.

The third — and most consequential for financial institutions — is monetisation. A scam may begin in cyberspace, but it becomes economically real the moment funds enter the regulated financial system. That is the conversion point at which digital deception is transformed into banked money.

The challenge is structural. Each institution may detect unusual activity within its own accounts, yet the broader criminal enterprise typically spans multiple banks, jurisdictions and payment rails simultaneously.

Mule accounts: The critical link in the chain

Mule accounts sit at the centre of this monetisation process. Funds are routed through individuals recruited via job advertisements, social media outreach or direct solicitation. Some recruits understand the illegality; others are misled into believing they are performing legitimate work. Either way, their accounts become transit points for criminal proceeds.

Consider two representative scenarios. In the first, a student responds to an online advert offering easy income for “payment processing” and moves substantial sums through newly opened accounts across several institutions within days. In the second, an individual facing financial hardship is persuaded to open multiple accounts and transfer incoming funds in exchange for a small commission. Transfers are often structured to avoid obvious detection triggers and executed rapidly to reduce the chance of intervention. Funds may then be consolidated offshore or converted into cryptoassets before re-entering the traditional financial system elsewhere.

No single bank sees the entire chain. Organised networks rely on precisely that fragmentation.
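The pass-through behaviour described above (a newly opened account that forwards almost everything it receives within hours) can be expressed as a single-institution monitoring rule. The following is an added example, not code from Consilient or from any bank; the account names, the transactions and the thresholds (24-hour window, 30-day account age, 90% forwarded, minimum inbound of 100,000 cents) are constructed assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime as D, timedelta

@dataclass
class Txn:
    account: str
    ts: D
    cents: int  # > 0 credit (inbound), < 0 debit (outbound)

def rapid_outflow(rows, window):
    """FIFO-match debits to earlier credits; return (total_in, cents that left within window)."""
    queue, total_in, fast_out = deque(), 0, 0
    for t in rows:  # rows must already be in time order
        if t.cents > 0:
            queue.append([t.ts, t.cents])
            total_in += t.cents
            continue
        need = -t.cents
        while need > 0 and queue:
            used = min(queue[0][1], need)
            if t.ts - queue[0][0] <= window:  # dwell time of the oldest unspent credit
                fast_out += used
            need -= used
            queue[0][1] -= used
            if queue[0][1] == 0:
                queue.popleft()
    return total_in, fast_out

def flag_mule_like(txns, opened, window=timedelta(hours=24),
                   max_age=timedelta(days=30), min_in=100_000, ratio=0.9):
    """Return {account: share forwarded} for young accounts that pass funds straight through."""
    by_acct = defaultdict(list)
    for t in sorted(txns, key=lambda t: t.ts):
        if t.ts - opened[t.account] <= max_age:  # only activity on a newly opened account
            by_acct[t.account].append(t)
    flagged = {}
    for acct, rows in by_acct.items():
        total_in, fast_out = rapid_outflow(rows, window)
        if total_in >= min_in and fast_out / total_in >= ratio:
            flagged[acct] = round(fast_out / total_in, 2)
    return flagged

# Constructed sample data: opening dates and transactions for three accounts.
OPENED = {"A-NEW": D(2025, 3, 1), "B-OLD": D(2019, 6, 1), "C-NEW": D(2025, 3, 1)}
SAMPLE = [
    Txn("A-NEW", D(2025, 3, 3, 10, 0), 480_000), Txn("A-NEW", D(2025, 3, 3, 11, 30), -470_000),
    Txn("A-NEW", D(2025, 3, 3, 14, 0), 450_000), Txn("A-NEW", D(2025, 3, 3, 16, 0), -455_000),
    Txn("B-OLD", D(2025, 3, 3, 9, 0), 500_000), Txn("B-OLD", D(2025, 3, 3, 12, 0), -490_000),
    Txn("C-NEW", D(2025, 3, 2, 9, 0), 300_000), Txn("C-NEW", D(2025, 3, 4, 9, 0), -20_000),
]
```

On this data only A-NEW is flagged. The rule sees one institution's ledger, so a chain that hops across several banks still appears to each of them as a single short-lived account.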

State-tolerated cybercrime and the geopolitical dimension

This brings the discussion to more contested territory. In certain jurisdictions, large-scale scam and ransomware operations have persisted for years with limited disruption. Economic incentives, corruption or selective enforcement reduce the operating risk for organised groups. In some instances, overlaps have been observed between cybercriminal networks and actors aligned with broader national interests.

This does not mean every scam is state-sponsored. But it does mean that in parts of the world, the operating environment allows organised cybercrime ecosystems to mature and scale with relative impunity. Ransomware groups openly recruit affiliates. Scam networks operate with infrastructure that suggests long-term continuity rather than short-lived opportunism.

Financial fraud is increasingly intersecting with national security considerations. Proceeds from organised scams do not exist in isolation — they can be reinvested into further criminal activity or deployed in sanctions evasion and other destabilising conduct. Scams at scale are therefore not merely a consumer protection issue. They touch financial resilience and strategic stability.

Why traditional AML detection is struggling to keep pace

Financial institutions have invested heavily in transaction monitoring, customer due diligence and suspicious activity reporting. Onboarding controls have been strengthened, typology development has improved, and escalation processes have been refined. Yet the problem continues to grow.

Organised scam networks are distributed by design. Mule accounts are opened across institutions. Transfers move rapidly between banks. Even when a single institution identifies suspicious activity and files a suspicious activity report, the funds may already have traversed several entities and multiple jurisdictions.

Regulators are increasingly focused on earlier disruption — particularly in areas such as authorised push payment fraud and mule detection. The expectation is shifting from documenting suspicious flows to actively preventing them. At the same time, institutions must manage false positives carefully. Excessive friction damages customer experience and erodes trust. Widening coverage without overwhelming compliance operations remains a significant operational challenge.

A system-level response is now unavoidable

The conclusion is difficult to avoid. Scams operate as coordinated networks; financial institutions largely detect risk in isolation. That structural mismatch creates the space in which organised groups scale their operations.

If monetisation depends on regulated infrastructure, that infrastructure becomes the logical intervention point. What is needed is not more rules, but better coordination — intelligence-sharing mechanisms that allow institutions to identify shared risk indicators without centralising sensitive customer data. Only then can the industry move from reactive reporting to proactive disruption.

The human impact of scams at scale is already visible in the billions lost and the lives disrupted. The systemic implications are unfolding more gradually, but no less seriously. As organised cybercrime continues to industrialise, the financial system will ultimately be judged not only on how well it reports suspicious activity, but on how effectively it prevents organised extraction at scale.


Copyright © 2026 FinTech Global
