The world’s most dangerous criminal organizations don’t look like what you’d expect – they resemble Fortune 500 companies. They are sophisticated, disciplined and scaled to the point of industrialization. In this part of our fraud series, we examine the inner workings of the world’s most pervasive crime: social engineering fraud. We go inside the compounds and their corporate-style departments to reveal the organized machinery that makes them so hard to dismantle.
Romance scams. Spear phishing. Authorized Push Payment fraud (APP fraud). These social engineering atttacks are no longer marginal threats. For banks and financial institutions, they represent one of the fastest-growing forms of fraud – costing billions each year and eroding customer trust and institutional reputation.
In our first article of our fraud series, we revealed who is behind this global enterprise worth over $1 trillion and looked inside their vast complexes around the world, housing hundreds to thousands of trafficked workers. Now, we turn our focus towards how scam compounds operate; how they replicate corporate structure, scale with technology, deploy Fraud-as-a-Service (FaaS) and drive threats that risk not just money, but reputation and trust.
Fraud Inc.: Departments like real companies
Step inside a scam compound and what you’ll find looks less like a criminal hideout and more like a corporate headquarters. Inside, these operations function as fully fledged business ecosystems.
It all begins with procurement, the recruitment process that fuels the enterprise. Recruiters post fake job ads on social media and employment platforms, offering high salaries and promising conditions. Many who apply are students, retirees, or people in vulnerable economic situations. Few realize they’re being drawn into a human trafficking network. Once they arrive at what they believe is their new workplace, they find themselves trapped within guarded compounds and forced into labour – trained and deployed to defraud victims around the world.
From there, new arrivals enter structured training academies that mirror legitimate corporate onboarding. They are given scripts, coached on tone and persuasion, and taught to impersonate trusted individuals or institutions. They learn how to overcome objections, create urgency, and craft convincing messages and emails – all the hallmarks of professional sales training, repurposed for deception.
Once trained, recruits join the call centres, the heart of the operation. Floor after floor of desks are filled with “sales teams” executing scams around the clock. Performance is tracked obsessively: conversion rates, value per victim, number of successful interactions, and response times to leads. High performers are rewarded. Those who fall behind face severe punishment.
Underpinning it all are the operations and IT teams, ensuring the smooth running of the criminal enterprise. Infrastructure is maintained, systems monitored, and data managed. Meanwhile, payroll and accounting functions handle the proceeds, laundering the fraudulently obtained funds and reinvesting them to expand and sustain the operation further.
But perhaps most sophisticated is the R&D unit: its sole purpose is to stay one step ahead of banks’ fraud prevention measures. These teams constantly evolve and fine-tune new attack methods to bypass the latest defenses. They test social engineering workflows, refine bypasses for two-factor authentication and explore how to exploit gaps in identity verification. Increasingly, they use AI tools to deepen deception with deepfake voice impersonations, synthetic IDs or AI-generated phishing platforms.
On paper, you would not be able to distinguish the internal structure from that of a legitimate company.
Scaling fraud with AI & FaaS
No single compound has to reinvent the wheel – and increasingly, these large criminal enterprises are even franchising out their operations. Through fraud-as-a-Service (FaaS) models, they sell or lease “pluggable fraud kits” on the dark web. Those contain identity-spoofing services, exploit packages, script libraries, all available with a few clicks, making it easier for individuals to deploy sophisticated APP scams or impersonation attacks without any previous technical or scam background. It’s a franchise model for cybercrime.
Using software and AI to streamline scams
Scammers must reach the high call volume KPIs required everyday and to do so, they must rely on Voice-over-IP (VoIP) services. VoIP allows them to make international calls cheaply via the internet while spoofing caller IDs with UK or EU country codes to appear more credible. These tools also provide a steady supply of fresh phone numbers when agents’ numbers get blacklisted as spam.
Scammers also use software stacks that mirror legitimate corporate tools. CRM-style dashboards track leads and capture victim information like investment experience, call history and personal details. Stolen identity databases enable highly personalised attacks, and increasingly, AI chatbots automate message personalisation and generate deepfakes. Tools like ChatGPT are actively deployed inside compounds to craft convincing investor narratives and sustain prolonged, trust-building conversations with victims.
Why banks must look beyond the transaction
Fraud losses are exploding. In 2024, consumers in the U.S. lost over $12.5 billion to scams, with investment and imposter scams alone making up most of it. In Norway, losses from social engineering rose 21% between 2021 and 2022, reaching NOK 290.3 million ($25-30 million USD) as more users were manipulated into authorizing payments – a trend that has also been noted by European banks, which saw digital payment fraud rise by 43% in 2024 compared to 2023, with social engineering tactics increasing by 156% and phishing by 77%.
These operations hurt banks in far more ways than immediate financial loss. Each successful scam erodes trust – from customers, regulators and the public. When customers believe their bank can’t protect them, they may flee to competitors or lose faith. Regulatory scrutiny and fines also increase, especially as social engineering becomes the fraud vector regulators are watching most closely.
The human toll and what can be done
It is apparent that fraud is shifting from solely technical compromises to manipulations of human trust, but not only of those deceived to send money. Many scammers are recruited under false pretenses, trafficked or working under duress – a grim reality upon which these industrial fraud machines are built.
Tools to fight (social engineering) fraud
Social engineering scams are among the most challenging threats banks face today. Unlike traditional fraud like forged documents, these scams manipulate genuine customers into authorizing payments or sharing sensitive information – often without realizing they’re being deceived. This is especially true in cases like APP fraud, where the victim is tricked into sending money themselves, and because the transaction appears legitimate and is initiated by the account holder, detecting these scams demands a new level of vigilance and smarter technology.
To combat this, banks need tools that go beyond standard identity checks. Solutions must be able to spot subtle signs of coercion and manipulation in real time. Video-based verification solutions are purpose-built for this and are the only verification method capable of detecting social engineering attempts through dynamic, human-led interactions and social-engineering–style questioning that reveal behavioral inconsistencies or signs of distress that may indicate a customer is being manipulated by a scammer.
With social engineering, the focus shifts from verifying identity to understanding intent. That’s where platforms like the IDnow Trust Platform comes in. By integrating behavioral biometrics, such as erratic transaction histories, geographical inconsistencies and device switching, it flags suspicious patterns and enables real-time risk assessment throughout the entire customer lifecycle, not just at onboarding.
In addition, end‑user education is a critical pillar: in the UK, where APP fraud has been huge, banks are now required to reimburse victims up to £85,000. With prevention efforts now in place, case volumes have fallen by 15 %.
Together, these capabilities transform fraud prevention from reactive patching to proactive defense.
Social engineering has always existed but in today’s digital, hyperconnected world, it has evolved into a global trade. What once were isolated scams have become industrialized operations running 24/7, powered by automation and scale. Fraud factories exploit the weakest link in the chain – human vulnerability – making them harder to detect and the biggest threat to banks today. For financial institutions, the challenge is no longer about patching single points of failure, it’s about dismantling entire production lines of deception. Understanding what happens inside these operations is now the first line of defense in a war that criminals are currently winning.
Interested in more stories like this one? Check out:
- The true face of fraud #1: The masterminds behind the $1 trillion crime industry to explore who is behind the fastest-growing schemes today, where are the hubs of so-called scam compounds and what financial organizations must understand about their opponent.
- The rise of social media fraud: How one man almost lost it all to learn about romance fraud to investment scams and the multitude of ways that fraudsters use social media to target victims.
By
Nikita Rybová
Customer & Product Marketing Manager at IDnow
Connect with Nikita on LinkedIn
