It is comforting to believe in the phrase “fooled once, never fooled twice”, but in the modern fraud lifecycle that assumption no longer holds. Today’s fraudsters are not opportunistic lone actors; they are organised, data-driven networks that deliberately return to the same victims again and again.
According to RelyComply, enabled by advanced technology and data sharing, re-targeting scams have become a core tactic, allowing criminals to extract increasing value from fewer individuals while remaining difficult to detect.
Across digital channels in particular, a troubling pattern of victim recycling has emerged. Individuals who fall victim to an initial scam are often groomed into money muling or pulled into prolonged cycles of deception that unfold over months rather than days. This behaviour highlights the darker side of large-scale data harvesting and sharing, and underlines why fraud prevention and AML controls can no longer operate in isolation if repeated exploitation is to be stopped.
The scale of fraud revictimisation was highlighted in Laundered, where Gareth Dothie, head of bribery and corruption at the City of London Police, observed that even mature economies like the UK are being overwhelmed by repeat exploitation. While scams themselves are not new, the speed at which victims are re-targeted — sometimes within months of an initial incident — represents a uniquely harmful threat that is fast becoming routine.
At the heart of this trend is the commodification of victim data. Once a person has been identified as vulnerable, their information rarely remains with a single fraudster. Instead, it is shared across international criminal groups comprising social engineers, money launderers and crypto specialists, each playing a role in extracting further value. Victims become low-hanging fruit: more likely to disclose additional information, more susceptible to emotional manipulation, and easier to exploit at scale in a business-like, almost industrial manner.
This model is fuelled by the sheer volume of personal data in circulation. Individuals routinely hand over sensitive information to banks, healthcare providers, airlines, social media platforms and e-commerce sites. Data breaches, often financially motivated, have become commonplace, contributing to millions of fraud and computer misuse offences recorded in the UK each year. For many initial victims, shame or denial masks the reality that they have been deliberately targeted, while emotional distress and fear of consequences can leave them vulnerable to further coercion.
Within the criminal underworld, this information is refined into highly valuable “full identity kits”, or fullz. Fragmented GPS data, contact details, identification documents and scam histories are bundled together and traded through dark web marketplaces. These databases function much like CRM systems, allowing organised groups to track interactions, tailor scripts and deploy multi-language campaigns that evolve based on a victim’s previous responses. Someone affected by a romance scam may later be targeted with an investment opportunity, while phishing victims are primed for impersonation fraud.
Repeated exploitation most commonly manifests through so-called recovery scams. Here, criminals impersonate trusted authorities or service providers — including banks, cybersecurity firms or even law enforcement — claiming they can help recover lost funds. By reusing stolen KYC details, fraudsters create a convincing illusion of legitimacy. Trust is rebuilt, additional payments are demanded, and victims are slowly pushed towards money muling, moving illicit funds under pressure or threat.
These outcomes are exacerbated by fragmented financial crime controls. Historically, fraud teams and AML teams have worked in silos, with limited data sharing between onboarding, monitoring and reporting systems. As a result, early warning signs of repeat victimisation — such as multiple scam reports, unusual payment spikes, or unexplained third-party deposits — may be logged without the broader context needed to intervene effectively.
Protecting vulnerable customers now requires integrated approaches that combine continuously updated KYC data with behavioural monitoring and transaction intelligence. Entity resolution across systems can reveal patterns of repeat targeting, while shared intelligence between banks, FinTechs, RegTech providers and law enforcement enables faster escalation.
As re-targeting scams become the norm rather than the exception, understanding the full fraud lifecycle is no longer optional. It is a moral and operational imperative for financial institutions seeking to disrupt criminal networks and prevent further harm.
Copyright © 2026 RegTech Analyst
Copyright © 2018 RegTech Analyst
