Organised fraud has evolved far beyond isolated incidents. Today, it functions as a structured, cross-border industry extracting tens of billions from the US economy every year.
According to Consilient, what once appeared as scattered cases of deception now resembles a coordinated financial supply chain — one in which victims are sourced, groomed, exploited, and their funds moved through regulated institutions with precision and intent.
The human consequences are immediate: retirement savings wiped out, small businesses destabilised, and families left financially exposed. But the systemic implications are broader and considerably more uncomfortable.
According to the FBI’s Internet Crime Complaint Center (IC3), reported cyber-enabled fraud losses in the US now exceed $16bn, with investment scams alone accounting for more than $4bn of that total. The Federal Trade Commission has reported similarly sharp increases. Crucially, these figures capture only reported cases — underreporting remains substantial, meaning the true economic cost is almost certainly far higher.
The question is no longer whether scams are increasing. It is whether the financial system is structured to disrupt them at scale.
The industrialisation of online scams
Modern scam networks bear little resemblance to the opportunistic fraud of previous decades. They are structured enterprises. Distinct teams manage initial outreach, social engineering, payment processing, and fund movement. Law enforcement and investigative reporting have documented large compounds in certain regions housing hundreds of operators running investment and romance scams using scripted playbooks.
This is not confined to a single geography. Business email compromise schemes, ransomware operations, and large-scale investment fraud networks routinely function with defined hierarchies and affiliate models. Ransomware groups, for instance, commonly operate on a ransomware-as-a-service basis — providing infrastructure to affiliates in exchange for a share of proceeds, mirroring legitimate software distribution models.
Generative AI has accelerated this industrialisation further. Fraudsters can now produce tailored phishing emails, realistic voice clones, and multilingual scripts at scale, dramatically lowering the barrier to convincing deception. Scam pages created via generative AI quadrupled globally between May 2024 and April 2025, producing over 38,000 new scam pages per day.
The UN Office on Drugs and Crime has warned that “cyber-enabled fraud operations in Southeast Asia have taken on industrial proportions,” with one UNODC author telling ProPublica: “Banks have never been targeted at this scale, in these ways.” The UN Human Rights Office has also noted that hundreds of thousands of people have been trafficked and are trapped in scam centres across Cambodia, Myanmar, Laos, the Philippines, and Thailand.
From victim acquisition to financial system monetisation
Understanding why this has become a system-level issue requires following the full lifecycle of a scam.
The first stage is victim acquisition. This may involve phishing, impersonation of trusted institutions, social grooming via dating platforms, or malware capturing credentials. Increasingly, these tactics are combined — a victim may encounter a scam through social media, be directed to a fraudulent investment platform, and ultimately transfer funds through what appears to be a legitimate banking channel.
The second stage is extraction. Investment scams now represent the largest category of reported losses in the US, per IC3 data. Business email compromise remains a persistent threat to corporate treasuries, with fraudsters manipulating payment instructions and vendor communications. Ransomware adds a further dimension, with organisations coerced into payment under threat of operational disruption or data exposure.
The third stage — and the one most consequential for financial institutions — is monetisation. The scam begins in cyberspace. It becomes economically real the moment funds enter the regulated financial system. That is the conversion point where digital deception becomes banked money.
Each institution may detect unusual activity within its own accounts. Yet the broader criminal enterprise typically spans multiple banks, jurisdictions, and payment rails simultaneously.
The role of mule accounts
Mule accounts sit at the centre of this monetisation process. Funds are routed through individuals recruited via job advertisements, social media outreach, or direct solicitation. Some recruits understand the illegality involved; others are misled into believing they are performing legitimate work. Either way, their accounts become transit points for criminal proceeds.
Consider two illustrative examples. In one, a student responds to an online advertisement offering easy income for “payment processing” and moves substantial sums through newly opened accounts across several institutions within days. In another, an individual facing financial hardship is persuaded to open multiple accounts and transfer incoming funds in exchange for a small commission.
Transfers are often structured to avoid obvious triggers and executed rapidly to reduce the chance of intervention. Funds may then be consolidated offshore or converted into cryptoassets before re-entering the traditional financial system elsewhere. No single bank sees the entire chain — and organised networks rely on precisely that fragmentation.
State tolerance and the geopolitical dimension
There is a more contentious dimension to this picture. In certain jurisdictions, large-scale scam and ransomware operations have persisted for years with limited disruption. Economic incentives, corruption, or selective enforcement reduce the operating risk for organised groups. In some instances, overlaps have been observed between cybercriminal networks and actors aligned with broader national interests.
This does not imply that every scam is state-sponsored. But it does mean that in parts of the world, the environment allows organised cybercrime ecosystems to mature and scale. Ransomware groups openly recruit affiliates. Scam networks operate with infrastructure suggesting long-term continuity rather than short-lived activity.
Financial fraud increasingly intersects with national security. Proceeds from organised scams do not exist in isolation — they can be reinvested into further criminal activity or intersect with sanctions evasion and other destabilising conduct. Scams at scale therefore extend well beyond consumer protection. They touch financial resilience and strategic stability.
Why traditional AML detection is struggling
Financial institutions have invested heavily in transaction monitoring, customer due diligence, and suspicious activity reporting. Onboarding controls have been tightened, typology development improved, and escalation processes refined. Yet this is not enough.
Organised scam networks are distributed by design. Mule accounts are opened across multiple institutions. Transfers move rapidly between banks. Even when a single institution identifies suspicious activity and files a suspicious activity report, funds may already have traversed several entities.
Regulators are increasingly focused on earlier disruption — particularly around authorised push payment fraud and mule detection. The expectation is shifting from documenting suspicious flows to preventing them. Institutions must also manage false positives carefully; excessive friction undermines customer experience and trust. The challenge is widening coverage without overwhelming operations.
A system-level response
The conclusion is difficult to avoid. Scams operate as coordinated networks. Financial institutions largely detect risk in isolation. That structural mismatch creates opportunity for organised groups to scale.
If monetisation depends on regulated infrastructure, that infrastructure becomes the logical intervention point. What is needed is not simply more rules, but better coordination — intelligence-sharing mechanisms that allow institutions to identify shared risk indicators without centralising sensitive customer data. Only then is it possible to move from reactive reporting to proactive disruption.
The human impact of scams at scale is already visible in the billions lost and the lives disrupted. The systemic implications are unfolding more gradually, but no less seriously. As organised cybercrime continues to industrialise, the financial system will be judged not only on how well it reports suspicious activity, but on how effectively it prevents organised extraction at scale.
Copyright © 2026 RegTech Analyst
Copyright © 2018 RegTech Analyst
