Picture the person on the other end of the fraud call.
For most people, that image is singular and solitary — a lone operator in a darkened room, running an improvised con on whoever happens to pick up the phone. It is a portrait that is not just incomplete. It is strategically wrong. And that misunderstanding is part of why financial fraud has become one of the fastest growing and most economically consequential criminal enterprises on the planet.
The reality is an org chart.
Behind the call is a recruitment team that identified and hired the operator. A training program that taught them the script. A supervisor monitoring their performance against a daily quota. A technology team that spoofed the caller ID, built the fake website, and manages the infrastructure. A financial operation that may have researched the target in advance — or may have simply dialed until someone answered — and will move whatever proceeds result through multiple layers of the global financial system long before the victim has finished filing a police report. And in many cases, a leadership structure sophisticated enough to have retained legal counsel, established shell companies across multiple jurisdictions, and developed contingency protocols for law enforcement disruption.
This is not a scam. It is a business.
The Federal Trade Commission reported that Americans lost more than $10 billion to fraud in 2023 — the first time that threshold had ever been crossed. That figure, striking as it is, represents only what was reported. The actual number is believed to be significantly higher, as fraud carries a social stigma that suppresses reporting across every demographic.
Understanding how that number got so large requires understanding what actually built it. And what built it was not a surge in individual criminal ingenuity. It was the industrialization of fraud — driven by several converging forces that were well established long before artificial intelligence entered the conversation.
The Information Landscape Changed Everything
The foundation of almost every fraud operation is information. Knowing who to target, what they have, what they fear, and what they are likely to believe. For most of human history, that information was genuinely difficult to obtain. Personal finances were private. Relationships were largely invisible to strangers. Daily routines, home addresses, family structures, and professional circumstances existed in a world with meaningful friction between individuals and those who might wish to exploit them.
That friction has been systematically eliminated.
Data breaches alone have transferred staggering volumes of personal information from protected institutional databases into criminal hands. The 2017 Equifax breach exposed the Social Security numbers, birth dates, addresses, and financial histories of approximately 147 million Americans — nearly half the adult population of the United States — in a single incident. The 2021 T-Mobile breach exposed the personal data of more than 76 million customers. The National Public Data breach of 2024 is believed to have compromised between 2.7 and 3 billion individual records globally, including Social Security numbers and family relationship data spanning decades. These are not isolated incidents. They are points on an accelerating curve.
The result is that criminal organizations today operate with access to personal dossiers of extraordinary depth on virtually any potential target. Financial profile. Employment history. Family relationships. Home ownership records. Vehicle registrations. Prior legal matters. Medical affiliations. Political donations. In many cases, years of purchasing behavior, travel patterns, and social connections — all legally or illegally obtained, aggregated, and available.
Beyond breached data, the open internet has become an intelligence resource of remarkable utility for criminal research. Social media platforms alone provide criminal analysts with a continuously updated window into targets’ lives — their relationships, their financial milestones, their anxieties, their routines, and their vulnerabilities. A recently announced job change, a public congratulation on a home purchase, a post about caring for an aging parent, a comment expressing financial stress — each is a data point. Assembled together, they produce a targeting profile that would have been unimaginable to criminal operations a generation ago.
Public records — property transactions, court filings, business registrations, professional licenses, obituaries — layer additional depth onto that profile at no cost and with no technical sophistication required. The information architecture that fraud operations depend on is, in large part, simply the internet, used deliberately and methodically.
Scale Before Sophistication
It is important to establish this information foundation clearly, because it explains how criminal fraud enterprises reached industrial scale before artificial intelligence became a widely available tool. The growth of these organizations over the past decade was not primarily a technology story. It was an information story — and an organizational one.
Criminal networks recognized, earlier than most legitimate institutions acknowledged, that the collapse of personal information privacy created an exploitable asymmetry. The people running these operations frequently knew more about their targets before first contact than the targets knew about themselves — and the targets had no idea. That asymmetry, systematically exploited at volume, produced the growth curve the FTC numbers now reflect.
Organizational sophistication followed. As operations grew more profitable, reinvestment in structure, process, and personnel became economically rational. Training programs improved conversion rates. Specialization increased efficiency. Geographic distribution reduced law enforcement exposure. The same logic that drives organizational development in any growth-stage business drove it here — because the underlying dynamic is identical. These are businesses. They respond to business incentives.
The Latest Force Multiplier
Artificial intelligence has not created the fraud epidemic. It has inherited a criminal infrastructure already operating at significant scale and added capabilities that expand its reach, reduce its costs, and accelerate its evolution in ways that are only beginning to be understood.
Voice cloning technology can now produce a convincing synthetic replica of a specific individual’s voice from as little as three seconds of source audio — audio that may be freely available from a voicemail greeting, a social media video, or a public appearance. That capability transforms the Grandparent Scam — in which a caller impersonates a grandchild in distress — from a performance requiring skill and improvisation into an automated process requiring neither. In 2023, a Canadian family reported receiving a call from what sounded exactly like their son, claiming he had been in a car accident and needed money immediately. It was not their son. It was a synthetic voice built from publicly available audio.
Deepfake video technology has advanced to the point where real-time face replacement on video calls is operationally viable. What was once a post-production capability requiring significant processing time is now deployable in live conversation — meaning that a video call intended to verify identity can no longer be treated as verification. In January 2024, a finance employee at a multinational firm in Hong Kong was deceived into transferring the equivalent of $25 million USD after participating in a video conference call in which every other participant — including someone representing the company’s chief financial officer — was a deepfake.
AI-powered research and targeting tools allow criminal organizations to process and analyze vast datasets at a speed and scale no human analyst could match — identifying optimal targets, personalizing approach strategies, and iterating on what works across thousands of simultaneous operations.
The asymmetry that information availability created has been deepened by artificial intelligence. The targets of these operations are largely unaware of the capabilities being deployed against them. The organizations deploying those capabilities invest in their development with the discipline of any technology-forward enterprise.
That is the landscape. What operates within it is the subject of everything that follows.