Notifications
Clear all
Topic starter
22/06/2026 10:04 am
TL;DR: Across 3,000 years of fraud, the tactics change from counterfeit coins and false weights to deepfakes and fraud-as-a-service, but the psychological levers stay the same: trust, fear, greed, urgency, and authority, according to Sumsub. The history matters because modern deception now scales faster than human verification cycles can keep up.
NHIMG editorial — based on content published by Sumsub: From Alchemy to Algorithms: A History of Fraud
Questions worth separating out
Q: How should security teams reduce fraud risk when attackers can imitate trusted people and processes?
A: They should add independent verification for high-impact actions, reduce reliance on a single channel, and design workflows so urgency does not bypass scrutiny.
Q: Why do AI deepfakes and voice cloning make fraud harder to stop?
A: Because they lower the cost of producing convincing impersonation at scale.
Q: What do organisations get wrong about fraud prevention?
A: They often focus on blocking known scam patterns instead of reducing the conditions that make scams work.
Practitioner guidance
- Add independent verification steps to high-risk requests Require a second, separate channel for approving payments, credential resets, vendor onboarding, and other high-impact actions.
- Harden identity proofing against synthetic impersonation Review whether your current identity checks can distinguish a real person from a voice clone, deepfake, or scripted social engineering flow.
- Train staff to treat urgency as a risk signal Update awareness programmes so employees recognise compressed decision time, emotional pressure, and authority cues as indicators to pause and verify.
What's in the full article
Sumsub's full article covers the historical examples and fraud patterns this post intentionally leaves at a higher level:
- Detailed case studies from ancient trade, medieval relic markets, and modern financial fraud
- The full timeline of how fraud tactics evolved across prehistory, industrialisation, and the internet era
- Specific examples of deepfake-enabled deception and fraud-as-a-service economics
- The article's broader narrative treatment of how psychology has stayed constant across 3,000 years
👉 Read Sumsub's full history of fraud from ancient scams to AI deception →
Fraud history and AI deception: what security teams need now?
Explore further
22/06/2026 10:48 am
Fraud is now an identity security problem because trust itself has become the attack surface. The article shows that every era of fraud succeeds by manipulating who or what someone believes they are interacting with. For identity teams, that means authentication, authorisation, and verification cannot be treated as separate concerns when the attacker is trying to simulate legitimacy across multiple channels. The practical conclusion is that identity programmes must assume trust can be forged before access is ever granted.
A few things that frame the scale:
- Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap, according to The State of Secrets in AppSec.
- Companies are dedicating an average of 32.4% of their security budgets to secrets management and code security, with US organisations leading at 40.8%.
A question worth separating out:
Q: Who is accountable when a fraudulent request is approved through a trusted channel?
A: Accountability should be shared across process owners, control owners, and the approving function, because the failure usually sits in the workflow design rather than one bad decision. Organisations should map where trust is assumed, where review can be rushed, and where approval can be impersonated without a separate challenge step.
👉 Read our full editorial: Fraud has always exploited trust, urgency and authority
