Authorized Push Payment (APP) fraud is one of the most damaging forms of digital deception. The pattern repeats itself thousands of times each year: an email from the bank’s security team warning of suspicious activity. A phone call that follows immediately. The caller ID matches. The “fraud prevention officer” knows details about recent transactions.
Within minutes, the victim authorizes a transfer to “protect” their savings — often tens of thousands of pounds. The realization comes too late. The money is already gone. This is Authorised Push Payment (APP) fraud — a crime where the victim themselves, under manipulation, authorizes the transfer. Unlike unauthorized fraud where criminals break into accounts, APP fraud weaponizes human psychology. The victim willingly — though unknowingly — hands over their money.
Read more…
Source: Group IB
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Beyond Compliance: How Financial Institutions Can Meet New Fraud-Sharing Mandates While Respecting Privacy
March 30, 2026
Authorized Push Payment (APP) fraud is one of the most damaging forms of digital deception. The pattern repeats itself thousands of times each year: an email from the bank’s security team warning of suspicious activity. A phone call that follows immediately. The caller ID matches. The “fraud prevention officer” knows details about recent transactions. Within minutes, ...
- Cloud Phones: The Invisible Threat
March 25, 2026
What began as a simple scheme to inflate social media metrics has evolved into a sophisticated threat that is quietly reshaping the economics of digital fraud. Over the past decade, fraud prevention teams have invested heavily in device fingerprinting and emulator detection and that investment paid off; classic emulators and bot activities became predictable, easy ...
- Unpacking a new Horabot campaign in Mexico
March 18, 2026
In this instalment of Kaspersky SOC Files series, Kaspersky researchers will walk you through a targeted campaign that our MDR team identified and hunted down a few months ago. It involves a threat known as Horabot, a bundle consisting of an infamous banking Trojan, an email spreader, and a notably complex attack chain. Although previous research ...
- Halifax and Lloyds customers hit by online data breach
March 12, 2026
Lloyds, Halifax and Bank of Scotland customers were given access to strangers’ banking transactions in a major online data breach this morning. Customers were able to view charges and payments on their banking apps that were not linked to their own transactions following the suspected technical glitch. Wage payments, HMRC reference numbers and other personal transactions were ...
- BeatBanker: A dual‑mode Android Trojan
March 10, 2026
Recently, Kaspersky researchers uncovered BeatBanker, an Android‑based malware campaign targeting Brazil. It spreads primarily through phishing attacks via a website disguised as the Google Play Store. To achieve their goals, the malicious APKs carry multiple components, including a cryptocurrency miner and a banking Trojan capable of completely hijacking the device and spoofing screens, among other ...
- Taiwan Indicts 62 Over Laundering $339M From Crypto Scam Compounds in Cambodia
March 4, 2026
Taiwanese prosecutors have indicted 62 people over their alleged links to Prince Group, a network designated as a transnational criminal organization by the U.S. Department of Justice. According to a report by Reuters, those indicted include the group’s chairman and alleged mastermind Chen Zhi, who was arrested in Cambodia and extradited to China earlier this year.Thirteen ...