Fraud, deepfakes and AiTM: what verification teams need to know

TL;DR: Impersonation fraud made up more than 85% of fraud attacks in 2025, AiTM attacks still bypass MFA via session cookie theft, and e-commerce hit a 19.2% net fraud rate, according to Veriff’s 2026 Identity Fraud Report, showing how AI and automation are changing verification. Conventional identity checks are no longer enough when the attack surface includes deepfakes, injected media, and real-time credential relay.

NHIMG editorial — based on content published by Veriff: Six key online fraud trends to watch in 2026

By the numbers:

• Impersonation fraud accounted for over 85% of all fraud attacks in 2025.
• Both physical and digital AiTM attacks saw significant declines in 2025, with physical attacks dropping by 34% and digital attacks by 66%.

Questions worth separating out

Q: How should security teams reduce fraud when attackers use deepfakes and synthetic identities?

A: They should combine document validation, liveness detection, behavioural analytics, and risk-based step-up checks rather than relying on a single identity proofing event.

Q: Why do AiTM attacks still matter if organisations already use MFA?

A: AiTM attacks matter because MFA can still be bypassed when an attacker relays the user’s authentication flow and steals the resulting session cookie.

Q: What breaks when organisations trust documents or devices too much in verification flows?

A: Proofing breaks when documents, devices, or captured media are treated as inherently reliable.

Practitioner guidance

• Raise assurance for high-risk onboarding paths Use stronger verification for accounts or transactions that create outsized downstream trust, especially where documents, faces, and device signals can be manipulated together.
• Adopt phishing-resistant authentication for exposed user groups Move targeted populations such as administrators, finance users, and support staff to certificate-based or similarly phishing-resistant methods so session relay becomes materially harder.
• Treat session tokens as high-value assets Shorten token usefulness where possible, monitor replay patterns, and bind sessions more tightly to context so a captured cookie does not behave like a durable credential.

What's in the full article

Veriff's full article covers the operational detail this post intentionally leaves for the source:

• Breakdowns of the fraud methods behind impersonation, AiTM, emulator, and injection attacks.
• The report’s regional fraud pattern data for North America, the EU and UK, and Latin America.
• Action guidance on facial biometric verification, behavioural analytics, machine learning, and fraud intelligence.
• The EU AI Act angle for businesses using AI in fraud detection and prevention.

👉 Read Veriff’s 2026 fraud trends analysis for identity verification and fraud prevention →

Fraud, deepfakes and AiTM: what verification teams need to know?

Explore further

View Full Forum →  |  NHI Foundation Course →