CFOtech Canada - Technology news for CFOs & financial decision-makers
Canada

Guides

#
artificial intelligence
#
data analytics
#
digital transformation
#
fintech
#
health technologies

Search

Realistic illustration person wearing mask made by computer screen identity theft threat ai deepfakes
#
Malware
#
Phishing
#
Physical Security

AI-driven identity fraud rises as deepfakes & injection attacks soar

Thu, 27th Nov 2025
Author image
By Sean Mitchell, Publisher

Identity fraud has risen in both scale and sophistication, with a marked surge in the use of artificial intelligence to bypass traditional security measures. Entrust's latest report highlights the growing threats posed by deepfakes, social engineering, and injection attacks across global markets.

Deepfakes surge

Deepfake technology accounted for 20% of all biometric fraud attempts, with documented cases of deepfaked selfies increasing by 58% in the last year. Fraudsters are also using multiple methods to defeat biometric authentication, including presenting photos of screens, printouts, and using 2D and 3D masks. These advanced attacks frequently mimic live capture requirements, making them harder to detect.

Injection attacks have also seen notable growth, rising 40% year-over-year. This technique involves feeding manipulated images or videos directly into verification systems, enabling fraudsters to bypass live user verification. When combined with deepfake methods, such attacks can closely simulate legitimate user behaviour.

Lifecycle trends

The report details variations in fraud throughout different stages of the customer lifecycle, with particular industries facing unique challenges. Onboarding fraud remains concentrated in sectors offering sign-up bonuses, such as cryptocurrency firms, which experience 67% of fraudulent activities during customer registration. Payments and digital-first banks are more frequently targeted by account takeover fraud, which comprises 82% and 55% of authentication-targeted frauds, respectively. These attacks often rely on techniques such as stolen credentials, phishing campaigns, malware and social engineering to seize control of existing user accounts.

Social manipulation

Psychological manipulation and social engineering now form a core element of identity fraud tactics. Fraudsters routinely employ phishing, impersonation, and direct coercion to convince individuals to provide real identification or disclose sensitive data. This evolution in tactics reflects a shift from purely technical breaches to targeting human vulnerabilities.

Document targeting

National ID cards have emerged as the most frequently targeted document for fraudulent submissions worldwide, accounting for 46% of all counterfeit documentation. This figure rises to 60% in APAC and 45% in EMEA. In contrast, the Americas experience higher rates of forged driver's licences, at 37%.

Physical counterfeits remain more common overall, making up 47% of documented fraud, but there has been a significant rise in digital forgeries. Digital forgeries represented 35% of fraudulent documents in the past year, an increase from a 29% average in previous years. The increasing sophistication of these digital forgeries is attributed to the wider availability of online AI tools.

Regional differences

Fraud rates vary widely by region. The global average stands at 3.1%, but the Americas report a higher 4.3%, APAC registers 2.1%, and EMEA records the lowest rate at 1.4%. Analysis also reveals that fraudulent activity peaks between 2:00 am and 4:00 am UTC, when many organisations are less likely to have active defences in place.

Repeat strategies

Many fraud operations adopt repetitive tactics, recycling fake details across numerous identity documents. Commonly used names such as Jon Doe, document numbers like A12345678, and recurring birthdates such as October 16, 1986, frequently appear across fraudulent applications.

"As detection improves, fraud rings evolve, becoming faster, more organised, and commercially driven. Generative AI and shared tactics fuel volumes and sophistication, targeting people, credentials, and systems. Identity is now the front line, and protecting it with trusted, verified identity across the customer lifecycle is essential to staying ahead of adaptive threats," said Simon Horswell, Senior Fraud Specialist Manager, Entrust.

"With over 1 billion identity verifications conducted across 195 countries and more than 30 industries, Entrust offers unparalleled insights into how fraud operates and how to help mitigate it," said Tony Ball, President of Payments & Identity and Incoming CEO, Entrust. "Our global reach and deep fraud intelligence mean we're uniquely placed to drive continuous innovation and share meaningful insights for customers. The future of digital trust lies in layered, identity-centric strategies powered by AI, delivering fraud prevention and seamless user experiences," said Ball.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Canadian CIOs juggle AI gains with shadow AI risks
How to detect fake players in online gaming
Xero rolls out AI bank reconciliation with JAX tool
AI delivers returns for wealth managers, FNZ study finds
Fi911 launches ResolveLab to streamline payfac dispute tools

Top stories

CMC highlights ‘Furious Five’ themes set to shape 2026
AI-led workplaces twice as likely to beat revenue goals
New coalition to steer Canada’s digital infrastructure
Canada's modern tech threat: Cybercrime you can subscribe to
NiCE’s 2024 ESG report shows gains in climate & ethics