Fraud tactics in 2026: what IAM teams are missing


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9016
Topic starter  

TL;DR: Frank Abagnale’s Vision 2023 webinar argues that older fraud techniques still succeed because attackers adapt the same social-engineering patterns to modern environments, with the FBI and more than 14,000 organisations using his insights as a prevention reference. The identity lesson is that human trust, approval, and verification workflows remain soft targets even when technology changes.

NHIMG editorial — here’s why we think this discussion matters

Questions worth separating out

Q: How should organisations reduce fraud risk in identity approval workflows?

A: Organisations should require independent verification for any high-risk request that changes money, access, or sensitive records.

Q: Why do old fraud tactics still work in modern enterprises?

A: Old fraud tactics still work because they target human decision-making, not just systems.

Practitioner guidance

  • Rework verification paths for high-risk requests: Require independent confirmation for payment changes, credential resets, and third-party access requests.
  • Map fraud-prone handoffs across business teams: Document where finance, HR, IT support, and IAM each approve or relay identity-sensitive requests.
  • Test impersonation scenarios in tabletop exercises: Walk through email, phone, and chat-based pretexts that target ordinary approvals.

What to expect at the briefing

Abnormal AI's full post covers the operational detail this post intentionally leaves for the source:

  • The webinar replay and speaker framing around how scammers adapt familiar tactics for modern environments.
  • Frank Abagnale's perspective on which fraud patterns still succeed and why those patterns remain effective.
  • The specific future scam scenarios highlighted during the Vision 2023 session.
  • The CPE credit details and viewing instructions for practitioners who want to access the recording.

👉 Read Abnormal AI's Vision 2023 webinar on fraud tactics and emerging scams →




   
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8472
 

Fraud remains an identity governance failure when humans are the approval layer. The article points to a familiar pattern: attackers do not need to defeat authentication if they can persuade a person to act as the control. That makes fraud a governance issue as much as a security issue, because the decision boundary sits inside the workflow. Practitioners should treat verification paths as part of identity control design, not as informal business etiquette.

A few things that frame the scale:

  • Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap, according to The State of Secrets in AppSec.
  • 43% of security professionals are concerned about AI systems learning and reproducing sensitive information patterns from codebases, according to The State of Secrets in AppSec.

A question worth separating out:

Q: Who is accountable when a fraudulent request slips through identity controls?

A: Accountability should sit with the teams that own the approval path, not only with the security team. If finance, HR, service desk, or IAM accepts a request without validation, that business process is part of the failure. Clear ownership for verification, escalation, and exception handling is what closes the gap.

👉 Read our full editorial: Why fraud tactics still work and what teams should expect next



   